Security :: Syslog - Missing Entries To Logs

May 23, 2011

CentOS 5.6 Server patched to latest, multiple name-based Apache virtual hosts. SELinux OFF. Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch:

Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...

The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.


Ubuntu Security :: Strange Named Entries In Syslog

Mar 30, 2011

I was just looking around and did a tail on my syslog and some strange entries came up:

[Code].....

I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?


Security :: Support Of Third Party Tools Logs In Syslog/rsyslog?

Aug 23, 2010

I am searching for how I can configure syslogs/rsyslog to receive logs from third-party tools or software. For example, I have a program that generates logs, like when it is started, logs about its services, alerts if there are any alarms, etc. I want to forward these logs using syslogs/rsyslog. Is there any possibility of how I can achieve that?


Ubuntu :: Syslog Entries - Messed Up Media Setup

Jan 7, 2011

My syslog is showing a lot of entries like the following: Quote:

[Code]....

I think I have messed up my media setup:

[Code]....


General :: Disable Cron Logs From Php-syslog-ng?

Aug 9, 2010

I installed php-syslog-ng 2.9.8m on a RHEL5 box. I see logs from the local machine whenever cron executes, every minute. I don't need those to appear in my syslog console. I want to disable these on my Linux box. How can I achieve this?


Server :: Configuring Syslog And Exporting Of Logs?

Jan 17, 2011

Configured a syslog server on Ubuntu. Now I want to export the logs of Windows and Ubuntu desktop to the syslog server.


General :: Forward System Logs To Syslog Server?

Sep 24, 2009

I'm running Ubuntu Desktop 9.10. How do I get it to forward its logs to a syslog server (it's running on a different machine)?


Software :: Remote Syslog Logging For Apache Logs ?

Feb 2, 2009

For remote syslog logging of the general log files, I set:

Quote:

How do I set up the remote syslog logging of Apache logs? Do I just add a line in the httpd.conf file, for example?:

Quote:


CentOS 5 :: Syslog-ng Remote Clients But No Local Logs?

May 13, 2010

I installed syslog-ng so I can receive remote logs. This is working; however, since I disabled syslog on my syslog-ng server, I am not logging in /var/log/messages, cron and some others (locally). I know this is because my syslog-ng.conf only references remote and not local. How can I edit the syslog-ng.conf file so that I can receive remote and local? I tried this; however, when adding in portions of the default config, I only receive local and not remote logs anymore. I am forwarding my config.

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But

[code]....


Fedora Servers :: Syslog Listening On Port 514 For Both Firewall And IDS Logs?

Jan 17, 2010

Currently I'm having a syslog server that consolidates firewall logs on port 514 UDP. I'm also having an IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.

Is it possible to do so? Having syslog listening on port 514 for both firewall and IDS logs? If it is possible, will the logs be recorded in a single log file? Or will they be recorded in separate log files, i.e. firewall.log, IDS.log etc.? I wish to have them in separate individual log files or else there will be a hard time segregating the log entries in a single file. Can anyone advise on how to achieve this?


CentOS 5 Server :: Rotating Named Logs Via Syslog.conf?

Mar 1, 2010

OS: CentOS 5.4. I have a DNS server that is logging all named and DNS requests to the chrooted named directory. By default named logs to /var/log/messages but I want to isolate all the DNS queries and requests to separate files. I know I can add entries to /etc/syslog.conf to "roll" the logs and logrotate should pick them up, but I am fuzzy as to the syntax. I don't know what "tag" to use in the first field. For example:

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

Here is the logging section of my named.conf

# pwd
# /var/named/chroot/etc
logging
{

[code]....


Ubuntu Networking :: Configure 10.4 Machine To Write Its Logs To A Syslog Server?

Oct 18, 2010

How does one configure an Ubuntu 10.4 machine to write its logs to a syslog server?


Fedora Security :: Set Conditions To See Logs Of All Security Intrusions

Jul 19, 2011

I just put Fedora 15 on my PC. There are several messages coming up from SELinux saying permission denied, though I am not doing any administrative activity, the PC being a workstation for research. How can I know the denial is for a security intrusion attempt? How can I set conditions to see the logs of all security intrusions? How can I set exclusive messaging from SELinux that the denial is for a security intrusion attempt?


Ubuntu :: Missing Log Entries - Script Deleting The Previous Log Files

Sep 20, 2010

I am using Ubuntu Karmic Koala 9.10. Recently I have noticed certain errors with my log files. My log files are just logging the events for that particular day. All the logs of the previous days are lost. It happens to almost all categories of log. Every log just shows one particular day's log. I have not made any changes to any settings on this machine, as Ubuntu on my laptop is very stable and totally hiccup free. Previously, the log file viewer used to show logged information from over a week or so, but now every other day's log files just vanish. I am just concerned:

1) Is it because of any rogue script that is deleting the previous log files?
2) Is my machine getting compromised in any way, as I am using it extensively for Internet? [I have the normal firewall enabled already.]

With regard to this I have a few questions:

1) Is it Ubuntu's default behavior? Does it back up the old log files every day?

2) If it is not the way Ubuntu treats log files, how can I correct this?

3) Does apt-get clean or apt-get autoclean delete log files?

I have searched Google for past 3 days for a possible solution to this problem without yielding much result.


Security :: Send Syslog Messages Through SNMP?

Aug 3, 2010

Is there a way to send syslog messages through SNMP? I'm not finding much info online around this. A co-worker said it was easy to do. RHEL5.5


Security :: Configure Shorewall To Allow Syslog Messages From Router?

Jan 29, 2011

I have my system set up to where the router (dd-wrt) will send its syslog messages to my Linux PC system. I am using shorewall as my firewall. I have two questions: How can I configure shorewall to allow the messages from my router? If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk, as anything from the internet can come through on that router IP address?


Security :: Use Of Classic Syslog Protocol (Sign Capability)

Jan 24, 2010

In order to mitigate risks linked to the use of the classic syslog protocol (spoof, replay, tampering, lost messages...) I am looking for a product implementing the syslog-sign capability: [URL] which is still a draft in the IETF for the moment. On NetBSD, the syslog daemon is able to run this feature: [URL]. Has anybody tried this feature on a Linux system?


OpenSUSE Install :: 'System Logs' Option In YAST Is Missing

Jul 21, 2010

I've got a fresh install of 11.3 on an x64 machine. I've managed to work through most of the initial hiccups and get a smooth system. However, I've noticed that the 'System Logs' option in YAST is missing. Has anyone else noticed this? Is there some supplemental package that I should install? If it was removed from 11.3, is there an easy way to find and read these logs?


Security :: Building An Opensource Syslog-SNMP Server With Web Interface?

Jun 16, 2010

I am looking to build a dedicated syslog-SNMP server with remote web interface and I would appreciate a discussion from our community on recommending the best solutions to deploy. I would like to be able to create an opensource architecture I could easily duplicate for multiple stand-alone customer environments.


Security :: Configure RHEL 5.5 Syslog To Accept SNMP Traps?

Jul 14, 2010

Is it possible to configure the RHEL 5.5 syslog to accept SNMP traps? That is, I want to use a central logging server to pick up other systems' syslogs, and SNMP messages from systems that cannot use remote syslog functions.


Ubuntu Security :: Entries In My Auth Log ?

Mar 29, 2010

I got some entries in my auth log that I am puzzled by. What could be the cause? I was not using my machine at the time of the logging.

Code:


Security :: Cmnd_Alias Entries In Sudo?

Jan 5, 2010

Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.


Security :: Unknown Entries In Samba Log

Nov 9, 2010

I have been getting the following in the samba section of the log watch report for the past few days. But don't know what it means.

[Code]....

and more. What does it mean? Does it mean any attempt to hack or is it some kind of status update? If this is not a threat and can be suppressed, how can I do this?


Security :: Failed Logins Are Logged To Syslog With The Login Id Set To UNKNOWN Or UNSET?

Jun 10, 2011

Failed login attempts are logged to syslog with the user id or login id set to UNKNOWN_USER or UNSET. Anybody know if this is configurable? I would rather it just pass the actual id that the user used. Doesn't matter if it exists or not, I just want to know if someone is guessing at user names and what those user names are.


General :: Best Open Source Syslog Server / Syslog-ng Which Is Not Fulfilling Requirement?

Dec 11, 2010

I am looking for an open source syslog server which accumulates each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng, which is not fulfilling my requirement for Windows clients, as I need the logs of every action which the user performed after logon.


Security :: How To Find USB Logs

Jun 16, 2010

How to find USB entries/logs in Linux?


Security :: All The Logs Are Wiped Out ?

Apr 22, 2009

I have connected to my friend's machine; for some reason, all the logs are wiped out?

CentOS.

There is nothing there? Is this unusual for Linux systems?


Ubuntu Security :: Can't Find The UFW Logs

Mar 18, 2010

I cannot find one single UFW event anywhere. I have researched this and see that others have trouble finding these logs too. I have looked in every /var/log there is and I can't find one event. I have UFW enabled, default deny and logging set to medium from a previous logging low (in hopes this would create more events to be seen). In terminal, UFW is shown as active. I have been using Ubuntu for more than a year now and I recall seeing UFW events with every session in some /var/logs in Ubuntu 9.04 - I'm running 9.10 now. I have also tried looking throughout the system files and have found nothing. Is UFW not working properly or could I just not be experiencing any firewall events (not likely)?


Ubuntu Security :: Where Does ZEITGEIST Put Its Logs

Apr 26, 2011

Does anyone know where ZEITGEIST puts its logs? Is it in my home folder, or is it somewhere else? I have my home folder encrypted and this is really not very secure if someone can see those logs... So, does ZEITGEIST put logs in my HOME folder or not?


Security :: Auditing Samba Logs?

Mar 18, 2011

I have in my hands a bunch of Samba logs, about 24 different files, and I was wondering if there was a tool that would go through them and organize them into something readable. I had a gander at Sawmill
