I am searching that how i can configure syslogs/rsyslog to receive third party tools or softwares logs. For example i have a program that generates logs like when it is started and logs about its services, alerts if there are any alarms etc. I want to forward these logs using syslogs/rsyslog. Is their any possibility how can i achieve that
View 2 Replies
CentOS 5.6 Server patched to latest, multiple name-based apache virtual hosts. SELinux OFF Everything was working fine until the other day. I've been making quite a lot of changes so it may well be something I've done, but I can't find out what! Last night I got the following in my logwatch : -
Requests with error response codes
404 Not Found
/admin/phpmyadmin/scripts/setup.php: 1 Time(s)
/admin/pma/scripts/setup.php: 1 Time(s)
/admin/scripts/setup.php: 1 Time(s)
/db/scripts/setup.php: 1 Time(s)
/dbadmin/scripts/setup.php: 1 Time(s)
[Code]...
The problem is that NONE of my logs, secure, httpd, messages, NONE of them, show any trace of these hacking attempts. They used to show up in secure and apache error logs, but no longer.
I am thinking about installing rsyslog using yum, but I only want to try it out first and don't want to create conflicts and problems that will be hard to revert. When I ask yum on CentOS 5 about rsyslog, I get this (note much older version - it's too bad that even the latest STABLE rsyslog isn't in the repository):
[Code]....
I was wondering how could I specify for how long the logs will be kept. Rsyslog doesn't have such an option (at least I didn't find it).Do I have to use logrotate for this, or is there some other option?
View 1 Replies View RelatedI try to log all my iptable logs to mysql instead just a logfile. The setup is as followed:
[Code].....
[red]Problem[/red] rsyslog logs everything correct, except it does not log to db, it logs to /var/log/messages. As I am brand new to the whole Linux experience, I don't get it. My /etc/rsyslog.conf is setup with $ModLoad onmysql.
For internal security reasons I need to prevent ourmcat logs from writing to the webserver local disk. We set up a separate logging server with rsyslog and need to pipe the log data to it.I am trying to work out how to configure tomcat to send all log data to the logging server via the rsyslog client (running locally) via a named pipe. We are on CentOS 5.6, Tomcat 6 and rsyslog 5.8.1. I need to know: 1) do we use the default logging library or log4j2) where is this configured in the tomcat config3) is there any code that would need to be written to achieve this
View 1 Replies View RelatedHow i can configure syslogs/rsyslog to receive third party tools or softwares logs. For example i have a program that generates logs like when it is started and logs about its services, alerts if there are any alarms etc. I want to forward these logs using syslogs/rsyslog.
View 4 Replies View Relatedi installed php-syslog-ng 2.9.8m in RHEL5 box. I saw logs from the local machine once the cron execute in every one minute.I dont need to appear those in my syslog console. I want to disable these from my linux box.How can i archive this
View 1 Replies View Relatedconfigure syslog server on ubuntu now i want to export logs of windows and ubuntu desktop to the syslog server
View 6 Replies View RelatedI'm running Ubuntu Desktop 9.10. How do I get it to forward its logs to a syslog server (its running on a different machine)?
View 2 Replies View RelatedFor remote syslog logging of the general log files, I set:
Quote:
How do I setup the remote syslog logging of apache logs? Do I just add a line in the httpd.conf file to for example ?:
Quote:
I installed syslog-ng so I can receive remote logs. this is working however since I disabled syslog on my syslog-ng server I am not logging in /var/log/messages cron and some others.locally)I know this is because my syslog-ng.conf only references remote and not local.How can I edit the syslog-ng.conf file so that I can receive remote and local? I tried this however when adding in portions of the default config, I only receive local and not remote logs anymore. I am forwarding my config.
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
[code]....
Currently Im having a syslog server that consolidate firewall logs on port 514 udp. Im also having a IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so?Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file?Or will it be recorded in a separate log file ie. firewall.log, IDS.log etc?? I wish to have them in separate individual log files or else there will be hard time segregating the log entries in a single file. Can anyone advice on how to achieve this??
OS CentOS 5.4 I have a DNS server that is logging all named and dns requests to the chrooted named directory. By default named logs to /var/log/messages but I want to isolate all the dns queries and requests to separate files. I know I can add entries to /etc/syslog.conf to "roll" the logs and logrotate should pick them up but fuzzy as to the syntax. I don't know what "tag" to use in the first fieild. for example
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none/var/log/messages
Here is the logging section of my named.conf
# pwd
# /var/named/chroot/etc
logging
{
[code]....
how does one configure a Ubuntu 10.4 machine to write its logs to a syslog server?
View 1 Replies View RelatedAs I'm interested in user-behaviour-information-security I would like to know what I�ll have to turn off or to uninstall to make the ubuntu-pc-usage as anonymous as possible (no musicbrainz, cddb, or alike).I want ubuntu not to send any data to third-party-users.
View 6 Replies View Relatedlove security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies View RelatedI just putup the fedora15 on my PC. there are several msg coming up from selinux saying permission denied, though I am not doing any administrative activity. the PC being a workstation for reaserch. how can I know the denial is for an security intrusion attempt. how can I set conditions to see the logs of all security intrusions. how can I set exclusive msg-ing from selinux that the denial is for a security intrusion attempt.
View 5 Replies View RelatedI'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ? If yes, what sort of FTP application to install in your Linux webserver?
View 7 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedIs there a way to send syslog messages through SNMP? I'm not finding much info online around this. A co-worker said it was easy to do. RHEL5.5
View 1 Replies View RelatedI was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
I have my system set up to where the router(dd-wrt) will send it's syslog messages to my Linux PC system. I am using shorewall as my firewall. I have two questions: How can I configure shorewall to allow the messages from my router? If I use my router IP address to allow the messages to come through the firewall, will this be a great security risk as anything from the internet can come through on that router ipaddress?
View 1 Replies View RelatedIn order to mitigate risks linked to the use of the classic syslog protocol (spoof, replay, tampering, lost messages...) I am looking for a product implementing the syslog-sign capability: [URL] which is still a draft in the IETF for the moment. On NetBSD, the sylog daemon is able to run this feature: [URL]. Did anybody tried this feature on a Linux system?
View 1 Replies View RelatedI am looking to build a dedicated syslog-SNMP server with remote web interface and I would appreciate a discussion from our community on recommending the best solutions to deploy. I would like to be able to create an opensource architecture I could easily duplicate for multiple stand-alone customer environments.
View 1 Replies View RelatedIs it possible to configure the RHEL 5.5 syslog to accept SNMP traps? That is I want to use a central logging server to pick up other systems syslogs, and SNMP messages from systems that cannot use remote syslog functions.
View 3 Replies View RelatedFailed login attempts are logged to syslog with the user id or login id set to UNKNOWN_USER or UNSET.Anybody know if this is configurable. I would rather it just pass the actual id that the user used. Doesn't matter if it exist or not, just want to know if someone is guessing at user names and what those user names are
View 1 Replies View RelatedI am looking for an open source syslog server which accumulate the each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfiling my requirement in Windows clients, as I need the logs of every action which user performed after logon.
View 2 Replies View Relatedhow to find USB enteries/ logs in linux
View 5 Replies View RelatedI have connected to my friends machine, for some reason . all the logs are wiped out . ?
CentOS .
There is nothing there? is this a unusual to Linux systems?
