Re: [cobalt-security] [RaQ3] Easy way to check log files



"Render-Vue" <sales@xxxxxxxxxxxxxx> wrote:
> Religiously every day - twice a day we use webmin and check the following
> logs:-
>
> /var/log/messages
> /var/log/secure
> /var/log/maillog
> /var/log/xferlog

Like Jim suggested, check out logcheck.  Also, if you're not already
familiar with some of the basic shell commands, get familiar with logging in
through the shell and spend some time working with an online Linux tutorial.
If you're looking for something in particular, "grep" is pretty handy.
Here's an example.

grep -B1 -A2 "error" /var/log/maillog | grep -v "steve"

The line above returns all lines containing "error" and the line above each
of those lines (-B1) and the two lines following each of those lines (-A2)
and then excludes any line containing "steve".  "man grep" from the shell
(SSH, telnet) for more info.  Of course, there's plenty more you can do with
grep and plenty more commands available which can be piped "|" to additional
commands to execute some powerful commands.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
Visit http://www.goodoverevil.com/
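
The context-and-exclude pipeline from the message above, run over a small constructed maillog (an added example, not part of the original post; the function names, host name and log lines are assumptions made for illustration). It shows that the second grep drops matching context lines as well as matching hits.

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not real maillog data.
make_sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
Mar  3 10:00:01 raq3 sendmail[101]: AA001: from=<alice@example.com>, size=512
Mar  3 10:00:02 raq3 sendmail[101]: AA001: to=<bob@example.com>, stat=Sent
Mar  3 10:05:10 raq3 sendmail[202]: AA002: from=<steve@example.com>, size=900
Mar  3 10:05:11 raq3 sendmail[202]: AA002: SYSERR: I/O error on connection
Mar  3 10:05:12 raq3 sendmail[202]: AA002: to=<steve@example.com>, stat=Deferred
Mar  3 10:05:13 raq3 ipop3d[210]: Login user=carol host=example.net
Mar  3 10:05:14 raq3 ipop3d[210]: Logout user=carol host=example.net
Mar  3 11:30:00 raq3 sendmail[303]: AA003: from=<dave@example.com>, size=128
Mar  3 11:30:01 raq3 sendmail[303]: AA003: timeout error writing message
Mar  3 11:30:02 raq3 sendmail[303]: AA003: to=<erin@example.com>, stat=Deferred
Mar  3 11:30:03 raq3 sendmail[404]: AA004: from=<frank@example.com>, size=64
Mar  3 11:30:04 raq3 sendmail[404]: AA004: error: user steve unknown
Mar  3 11:30:05 raq3 sendmail[404]: AA004: done
EOF
    echo "$f"
}

# Hits for pattern $1 in file $3 with one line before and two after;
# then every line (hit or context) matching $2 is dropped.
scan_log() {
    grep -B1 -A2 -e "$1" "$3" | grep -v -e "$2"
}

# Count only the real hits that survive the exclusion (no context lines).
count_hits() {
    grep -e "$1" "$3" | grep -v -c -e "$2"
}

log=$(make_sample_log)
scan_log error steve "$log"
echo "hits kept: $(count_hits error steve "$log")"
rm -f "$log"
```

In the output the "I/O error" hit is kept but the from= and to= lines around it are gone because they mention "steve", and the AA004 hit is dropped entirely; grep's "--" marks the gap between non-adjacent groups.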