Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Best way of System Logging and Auditing?
Top Forums UNIX for Dummies Questions & Answers Best way of System Logging and Auditing? Post 302465007 by Neo on Thursday 21st of October 2010 12:27:26 PM
Old 10-21-2010
Quote:
Originally Posted by pinga123
As part of server hardening process i would like to know the Best way of System Logging and Auditing.
Following point should be taken into consideration.
Quote:
Originally Posted by pinga123
Logging of critical events
Normally, critical events for many (most) applications are written to syslog. If you want this to be secure, also log to a remote syslog server where access is limited. Burn syslog files to CDROM daily.

Quote:
Originally Posted by pinga123
Logging access to critical accounts
Same here. Pipe log files to another, so you are logging locally and remotely. Burn files to CDROM daily.

Quote:
Originally Posted by pinga123
Secure storage and availability of logs
In general, log both locally and to a remote server. Burn copies of log to CDROM daily (or more often, depending on application). Store CDs in a secure and fire proof area.

Quote:
Originally Posted by pinga123
Review of logs
Review logs daily. Run against automated processes that look for both signatures and anomalies
.
Quote:
Originally Posted by pinga123
Security of logs
See above.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

System Auditing

Hi all, Have been asked to learn up on providing Sytem Auditing on two SCO boxes. Where should I start and what pointers can anyone provide. Whilst I'm learning to look after these two SCO boxes, I'm also to eventually look after three Compaq DS20E True64 Unix boxes also in the near future. (2 Replies)
Discussion started by: Cameron
2 Replies

2. UNIX for Dummies Questions & Answers

File auditing

Hello everbody: I have a file on the system, I need to check who was the last user who accessed or modified it, and if i can get any further details i can get like IP or access time,etc. do you have any idea about simple concept or way i can do that in unix tru64 or solaris 9? thanks in advance... (2 Replies)
Discussion started by: aladdin
2 Replies

3. UNIX for Advanced & Expert Users

Auditing

:)I need a little help. I have sent all of our logs to our log server, but I can't send the audit logs that are in /var/log/audit.log. Can someone give me some type of idea to transfer these logs. Thank You (2 Replies)
Discussion started by: aojmoj
2 Replies

4. UNIX for Advanced & Expert Users

Solaris auditing (file access logging) for specific directory only.

Hello, We need to log the operations that specific user on Solaris 10 (SPARC) is performing on one directory and it's contents. I was able to configure solaris auditing service (auditd) and it works fine. The only problem is that auditd logs huge amount of unneeded information. We need to log... (0 Replies)
Discussion started by: +Yan
0 Replies

5. Post Here to Contact Site Administrators and Moderators

Constant Logging In (After Logging Out)

Hi Everyone. First, I want to thank all of you for letting me participate in this great group. I am having a bit of a problem. After I get an email from a responder, I login to make my reply. In the mean time I get another response by email from another member, I go to reply to them and I... (6 Replies)
Discussion started by: Ccccc
6 Replies

6. AIX

AIX auditing

I have a question relating with AIX auditing Question is can we set Auditing on a particular file in AIX for a particular application only? Let say I have a file name "info.jar" and I have three application named APP1, APP2 & APP3 which are accessing that file so I want to know that which... (0 Replies)
Discussion started by: m_raheelahmed
0 Replies

7. Solaris

Sol10 + OpenLDAP = excessive logging & full file system??!!

Hello all, new to this forum (member of many others). Hopefully I can find help here. SERVER: Brand new server Oracle Enterprise SPARC T4-1 Loaded Solaris SPARC 10 u10, patched to 147440-27 Loaded OpenLDAP v2.4.30 Loaded Berkley DB 4.7.25.NC Loaded OpenSSL 1.0.1c Note: All packages are... (2 Replies)
Discussion started by: Wraith_G2IC
2 Replies

8. UNIX for Dummies Questions & Answers

Problem with structure of authlog in regard to an external log Auditing system.

Hello everyone, I hope I'm posting my question in the right section as it is not too easy to find the ideal spot for this one, especially for a brandspankingnew user of this forum. As this might be something simple I chose the Dummy section. By all means, feel free to move the post if not at... (4 Replies)
Discussion started by: Sjleegketting
4 Replies

9. Linux

Syslog not logging successful logging while unlocking server's console

When unlocking a Linux server's console there's no event indicating successful logging Is there a way I can fix this ? I have the following in my rsyslog.conf auth.info /var/log/secure authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies

10. Solaris

Configuring Auditing

Hello Solaris Team, We would like to implement some audit policy (using a log file) in Solaris 10 in order to record the following data in columns per all users: 1. Date 2. Time 3. User 4. Command executed 5. Terminal 6. IP Address Could you please help me in order to... (2 Replies)
Discussion started by: csierra
2 Replies
All times are GMT -4. The time now is 06:17 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy