system log files and core files?


 
# 1  
Old 02-03-2004
system log files and core files?

Solaris v5.6
What log files should be checked out as part of your sys admin daily routine?
I've printed out my syslog.conf file, and looked in /var/log and found authlog, syslog, and POPlog. I know of /var/adm/messages.
What others should I be looking for?

I know of the "find" command. I want to find core files. How should I search to find a core file? Also, I saw a thread that mentioned you should determine what generated the core file. Any hints on how you would determine what generated the core file would be appreciated.
# 2  
Old 02-03-2004
you should look at anything you think should be important to the stability of your system.

i think you really need to take a look at the information that is available to you before you ask a question.

man core
man find

oh and use the search utility on this site it is there so you can help yourself.
# 3  
Old 02-04-2004
>>you should look at anything you think should be important to the stability of your system.

I specified what log files I was aware of. I'm asking, are there other system log files that I did not specify that one should be aware of, and be checking?

You know, I find this to be a very informative site. I've just started using it. I've posted up a few times now and received very helpful information back. And, I have searched through some of the threads. And, I'm aware along with others, that the search function is available for one to help themselves. A common theme in a few of the threads on this forum, as well as other forums today, seems to be this "superior than thou" attitude among a few of the moderators. "See rule # 6, I think you really need to take a look at the information that is available to you before you ask a question. oh and use the search utility on this site it is there so you can help yourself." Perhaps you really need to take a look at whether you should continue to be a moderator. Those that don't know should ask, those that reply should offer a helpful answer, not sarcasm, especially a moderator. I've been around the I.T. business long enough now to remember when Wildcat was the BBS of choice and Usenet was the place to search. In the early days, we tried to help one another. The answer may have been incomplete, but it would not have been sarcastic.
# 4  
Old 02-04-2004
Westy564,

You make some valid points - but - reply to 100 new threads about "how do I tie my shoes" and you may sound a bit like some of the moderators. One of the big problems is that folks don't know where the rules are and aren't forced there first. So they don't know about them and we have to tell them. Another problem is lazy people who only want the answers given to them - they don't want to research.

The moderators don't get paid for this - I believe they do the best they can - sometimes I have to just not connect to this site when I get fed up with the things we sometimes put up with.

As far as your "find core files" - check out the man page on find so you will understand better how it works - try the command on a test system first.
$ find ./ -name "core" -exec rm {} \;
Watch your spacing - if you mess up the spacing on rm {} \; you could remove files you didn't want to.

To check what a core file came from - use the file command.
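The two steps from the reply above (find, then file) combined into a report that deletes nothing, so the list can be reviewed before any rm is run. This is an added example, not part of the original post; the function names `describe_core` and `list_cores` are made up for illustration and a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): list files named "core" and show what
# file(1) reports for each one, without removing anything.

# describe_core PATH -> prints "<path><TAB><file(1) description>"
describe_core() {
    if command -v file >/dev/null 2>&1; then
        # file(1) prints "path: description"; keep only the description.
        # For a real dump the description names the program it came from.
        desc=$(file "$1" 2>/dev/null | sed 's/^[^:]*:[[:space:]]*//')
    else
        desc="file(1) not installed"
    fi
    printf '%s\t%s\n' "$1" "$desc"
}

# list_cores [DIR] -> one describe_core line per regular file named "core"
list_cores() {
    dir=${1:-.}
    # -type f skips directories that merely happen to be called "core"
    # (source trees often have one); -name core does not match core.txt.
    find "$dir" -type f -name core -print 2>/dev/null |
    while IFS= read -r path; do
        describe_core "$path"
    done
}

# Run as: sh list_cores.sh /some/dir
if [ "$#" -gt 0 ]; then
    list_cores "$1"
fi
```

A file named core that file(1) describes as text or data rather than as a core file is not a crash dump, which is the reason to look at the list before piping it to rm.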
# 5  
Old 02-04-2004
Understanding system log files on a Solaris 2.x operating system
... I know it's for 2.x, but maybe you'll find it useful

Securing Solaris - Using syslogs during an Intrusion
... Look part way down the page

Sun Product Documentation
... Lots of useful information

Google

>>you should look at anything you think should be important to the stability of your system.

As an addition to what Optimus_P said, I think there are potentially a ton of log files. If the mail system is critical to your company, you'd want to check it daily. If you don't use that function, then you wouldn't need to check it.

And don't start on the homework questions. Sometimes you just know.
# 6  
Old 02-04-2004
I agree with your points about lazy people and what the moderators have to put up with as being very valid. You're not paid and it requires a lot of patience. In addition the time you do put into the forum could be spent doing just about anything else.

A lot of us in the I.T. business today find ourselves thrust into positions where we have little background, we're offered no training, not enough time in the day to take care of the servers we're already responsible for, and yet you're expected to become the instant expert. We do search the forums, or google to find answers to problems we face. We are willing to read the documents or do the research. What we need for the most part is for someone who knows, to simply put our feet on the right path so we can walk down it. The man pages for example. And, at times we also need the quick fix. The boss is standing behind you and wants an answer and you don't have a clue as to where to start looking. So you post up in the forums and hope that someone has mercy and shares with you, either the answer, or at least the path. Anyway thanks for the tip on the core files, it's much appreciated.

I find myself in this position, my /var/adm/messages file says that "sshd: fatal: local: This server does not support your new ssh version." I know ssh stands for secure shell, I know my sshd daemon is running, it's supposed to be more secure than telnet, because telnet uses clear text. I know I'm running an early version of ssh that should be updated. I look on CERT's site and see that even the latest version of ssh still has holes in it that can be exploited. I know that hackers scan forums such as this one, for messages from people like me, so they can find potential victims. My boss wants to know have we been hacked, who's trying to use this version of ssh. Isn't there a log file you can search that will tell you when someone has logged into the system. My thoughts, gee, if they're smart enough to hack into the system, hack the root password, then they're smart enough to cover up their tracks. Maybe some training is in order here, if you want the answer to that question. Maybe we should be installing Tripwire or something like it to help monitor the system. Oops, out of the question, the budget doesn't have dollars for training or Tripwire. You're so right when you say on some days it's not even worth showing up.
# 7  
Old 02-04-2004
Quote:
Originally posted by Westy564

I find myself in this position, my /var/adm/messages file says that "sshd: fatal: local: This server does not support your new ssh version." I know ssh stands for secure shell, I know my sshd daemon is running, it's supposed to be more secure than telnet, because telnet uses clear text. I know I'm running an early version of ssh that should be updated. I look on CERT's site and see that even the latest version of ssh still has holes in it that can be exploited. I know that hackers scan forums such as this one, for messages from people like me, so they can find potential victims. My boss wants to know have we been hacked, who's trying to use this version of ssh. Isn't there a log file you can search that will tell you when someone has logged into the system. My thoughts, gee, if they're smart enough to hack into the system, hack the root password, then they're smart enough to cover up their tracks. Maybe some training is in order here, if you want the answer to that question. Maybe we should be installing Tripwire or something like it to help monitor the system. Oops, out of the question, the budget doesn't have dollars for training or Tripwire. You're so right when you say on some days it's not even worth showing up.

now you have posted a question that hasn't been answered.

you should look at SATAN, COPS, or possibly Tripwire.
there are an abundant amount of utilities on the market that can monitor a server for various styles of attacks.

it's hard to determine if you have been hacked if you don't have anything in place to watch for abnormalities.

as far as being sarcastic. no. i'm just blunt and to the point.
 