From the course: Network Forensics

syslog

- [Narrator] Linux uses a consolidated and systematic ordered logging mechanism called 'syslog'. 'Syslog' supports both local and remote log collection. Each instance of Linux installation comes with 'syslog' or its variation pre-installed by default, which manages all the logs generated by software running on the host, therefore providing a single point of management. What we're going to use is 'rsyslog', which is a more recent variation of 'syslog'. The 'rsyslog' configuration file is at the '/etc/rsyslog.conf' directory. Let's open the file by typing "nano /etc/rsyslog.conf". In the beginning of the file it says that default logging rules can be found in "/etc/rsyslog.d/50-default.conf". Let's check this out. First, exit out of the current file. Press "Ctrl-X". As the comment stated, the location is where 'rsyslog' keeps all its default rules. Type "nano /etc/rsyslog.d/50-default.conf". Press Enter. Take a closer look at the line that says "mail.err", and "tab…
