LinuxQuestions.org


wasim_jd 03-07-2012 07:59 AM

Log Management
 
Hi, can anyone assist me in knowing the following? If the logs are recorded, could you please tell me the location as well..

Log Underlying Requirements
1. What activity was performed? (e.g. login of user or enable/disable network port etc.)
2. What tool(s) was the activity performed with? (e.g. administrator tool, Windows tools, rlogin, gzip etc.)
4. What is the status of the activity (success or failure), outcome or result of activity?
5. Who performed the activity, including where or on what system the activity was performed? (e.g. root, admin or application system)
6. Why was the activity performed?
7. When was the activity performed?

Activity To be Logged

1. "Create, read, update, or delete confidential information, including confidential authentication information such as passwords;"
2. Create, update, or delete information not covered in #7;
Initiate a network connection;
Accept a network connection;
3. User authentication and authorization for activities covered in #7 or #8, such as user login and logout;
4. Grant, modify, or revoke access rights, including adding a new user or group, changing user privilege levels, changing file permissions, changing database object permissions, changing firewall rules, and user password changes;
5. System, network, or services configuration changes, including installation of software patches and updates, or other installed software changes;
6. Application process startup, shutdown, or restart;
7. "Application process abort, failure, or abnormal end, especially due to resource exhaustion or reaching a resource limit or threshold (such as for CPU, memory, network connections, network bandwidth, disk space, or hardware fault); and"
8. Detection of suspicious/malicious activity from the IPS or IDS;
9. Detection of suspicious/malicious activity from the antivirus or antispyware system.

iii. Elements of Logs

1. "Type of action – examples include authorize, create, read, update, delete, and accept network connection."
2. "Subsystem performing the action – examples include process or transaction name, process or transaction identifier."
3. "Identifiers (as many as available) for the subject requesting the action – examples include user name, computer name, IP address, and MAC address."
4. "Identifiers (as many as available) for the object the action was performed on – examples include file names accessed, unique identifiers of records accessed in a database, query parameters used to determine records accessed in a database, computer name,"
5. Before and after values when the action involves updating a data element, if feasible
6. Date and time the action was performed, including relevant time zone
7. Whether the action was allowed or denied by access-control mechanisms.
8. Description and/or reason codes of why the action was denied by the access-control mechanism, if applicable


Sorry for bothering.... :)
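As an added illustration, not part of wasim_jd's post or any reply, here is a small Python parser that maps sshd authentication lines of the kind found in /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL family) onto the "Elements of Logs" fields listed above. The sample log lines, hostnames, PIDs and addresses are constructed, and the time zone is an assumption the caller supplies because classic syslog timestamps carry none.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in classic syslog format, as sshd and cron write them
# to /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL family).
SAMPLE_AUTH_LOG = """\
Mar  7 07:59:01 host1 sshd[2231]: Accepted password for alice from 192.0.2.10 port 51234 ssh2
Mar  7 08:01:17 host1 sshd[2240]: Failed password for invalid user bob from 198.51.100.7 port 40022 ssh2
Mar  7 08:02:03 host1 sshd[2240]: Failed password for root from 198.51.100.7 port 40022 ssh2
Mar  7 08:05:44 host1 cron[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                       r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSHD_AUTH_RE = re.compile(r"^(?P<outcome>Accepted|Failed) (?P<method>\w+) for "
                          r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

@dataclass
class AuditRecord:
    # Field numbers refer to the "Elements of Logs" list in the post above.
    action: str            # 1. type of action
    subsystem: str         # 2. subsystem performing it (process name and pid)
    subject_user: str      # 3. identifiers for the subject requesting the action
    subject_ip: str
    target_host: str       # 4. identifier for the object acted on
    timestamp: str         # 6. date/time; classic syslog has no year or zone, so one is appended
    allowed: bool          # 7. allowed or denied
    reason: Optional[str]  # 8. reason code, only when denied

def parse_auth_line(line: str, tz: str = "UTC") -> Optional[AuditRecord]:
    """Map one sshd authentication line to an AuditRecord; None for other lines.
    `tz` is an assumption supplied by the caller, since the line carries none."""
    m = SYSLOG_RE.match(line)
    a = SSHD_AUTH_RE.match(m["msg"]) if m else None
    if not m or m["proc"] != "sshd" or not a:
        return None                     # e.g. the cron line: not an auth event
    allowed = a["outcome"] == "Accepted"
    reason = None if allowed else (
        "unknown_user" if "invalid user" in m["msg"] else "bad_credentials")
    return AuditRecord(action=f"authenticate:{a['method']}",
                       subsystem=f"{m['proc']}[{m['pid']}]",
                       subject_user=a["user"], subject_ip=a["ip"],
                       target_host=m["host"], timestamp=f"{m['ts']} {tz}",
                       allowed=allowed, reason=reason)

def parse_auth_log(text: str) -> list[AuditRecord]:
    """Parse a whole log; lines that are not sshd auth events are skipped."""
    return [r for r in map(parse_auth_line, text.splitlines()) if r]
```

Elements 5 (before/after values) and 8 (a real reason code) are not present in sshd's text lines at all, which is why a log standard like the one quoted usually has to be met by the application or by auditd rather than by syslog alone.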

acid_kewpie 03-07-2012 08:19 AM

"The Activity"???

You're really expecting people to fill in all those answers for you? Good luck.

wasim_jd 03-07-2012 08:23 AM

I do think the first part is enough; it will cover all the others.... :)
Thanks for your expectation.

acid_kewpie 03-07-2012 08:25 AM

And how are we supposed to do that? How can we, with no context whatsoever, answer "What activity was performed?"??

Satyaveer Arya 03-07-2012 08:29 AM

wasim_jd,

Are you able to open www.google.com on your system? If yes then why don't you first try with that?

Google will help you much with this question of yours....

wasim_jd 03-07-2012 08:31 AM

Yes Satya, I tried.... but I didn't find for some...

acid_kewpie 03-07-2012 08:32 AM

OK, so what didn't you find? What kind of answers are you after? Do you even know?

Satyaveer Arya 03-07-2012 08:33 AM

Ok Wasim, then what have you tried so far?

Satyaveer Arya 03-07-2012 08:37 AM

I really didn't get what you are trying to do and what you are asking.

TB0ne 03-07-2012 08:51 AM

Quote:

Originally Posted by wasim_jd (Post 4620833)
I do think the first part is enough; it will cover all the others.... :)
Thanks for your expectation.

Sorry, this is VERY clearly a homework assignment. Show some effort on your part...if you don't want to, then you should drop the class.
