From the course: Network Forensics
syslog
- [Narrator] Linux uses a consolidated and systematically ordered logging mechanism called 'syslog'. 'Syslog' supports both local and remote log collection. Each Linux installation comes with 'syslog' or one of its variations pre-installed by default, which manages all the logs generated by software running on the host, thereby providing a single point of management. What we're going to use is 'rsyslog', which is a more recent variation of 'syslog'. The 'rsyslog' configuration file is at the '/etc/rsyslog.conf' directory. Let's open the file by typing "nano /etc/rsyslog.conf". At the beginning of the file it says that default logging rules can be found in "/etc/rsyslog.d/50-default.conf". Let's check this out. First, exit out of the current file. Press "Ctrl-X". As the comment stated, that location is where 'rsyslog' keeps all its default rules. Type "nano /etc/rsyslog.d/50-default.conf". Press Enter. Take a closer look at the line that says "mail.err", and "tab…
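The rules in 50-default.conf use the classic "facility.priority action" selector syntax. The following added example (not code from the course) parses such rule lines and resolves which actions a message with a given facility and priority is routed to, which is the question a forensic analyst asks when deciding which log file should hold an event. The sample rule text is constructed in the style of the Ubuntu default file; the function names are my own.

```python
# Added example (not the course's own code): resolve which actions the classic
# rsyslog "facility.priority  action" rules route a message to.

FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
# Constructed sample in the style of /etc/rsyslog.d/50-default.conf.
SAMPLE_RULES = """\
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.*                          -/var/log/mail.log
mail.err                        /var/log/mail.err
"""

def _priority_set(spec):
    """'*', 'none', 'err' (err and above), '=err' (only err), '!err' (below err), '!=err'."""
    spec = spec.lower()
    if spec == "*":
        return set(PRIORITIES)
    if spec == "none":
        return set()
    negate = spec.startswith("!")
    exact = spec.lstrip("!").startswith("=")
    name = ALIASES.get(spec.lstrip("!="), spec.lstrip("!="))
    idx = PRIORITIES.index(name)            # raises ValueError on an unknown priority
    if exact:
        return set(PRIORITIES) - {name} if negate else {name}
    return set(PRIORITIES[:idx]) if negate else set(PRIORITIES[idx:])

def parse_rules(text):
    """Return [(facility -> allowed priorities, action), ...], one entry per rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector_part, action = line.split(None, 1)
        allowed = {}
        for sel in selector_part.split(";"):
            fac_part, prio_part = sel.rsplit(".", 1)
            facs = FACILITIES if fac_part == "*" else fac_part.split(",")
            for fac in facs:
                allowed[fac] = _priority_set(prio_part)   # later selectors override earlier ones
        rules.append((allowed, action.strip()))
    return rules

def destinations(rules, facility, priority):
    """Actions (log files; a leading '-' means buffered writes) that receive the message."""
    return [action for allowed, action in rules if priority in allowed.get(facility, set())]
```

Because "auth,authpriv.none" overrides the preceding "*.*" in the same rule, authentication events never land in /var/log/syslog under this sample, only in /var/log/auth.log.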
Contents
- Network logs (3m 6s)
- Intrusion and security events (5m 2s)
- Network logs as evidence (3m 16s)
- Network logs and compliance (3m 12s)
- Audit logs (3m 28s)
- Firewall logs (4m 23s)
- syslog (6m 14s)
- syslog-ng (6m 31s)
- Kiwi Syslog Server (2m 39s)
- Microsoft Log Parser (4m 34s)