LinuxQuestions.org
Old 03-07-2012, 08:59 AM   #1
wasim_jd
LQ Newbie
 
Registered: Dec 2011
Posts: 12
Blog Entries: 1

Rep: Reputation: Disabled
Log Management


Hi, can anyone assist me with the following? If the logs are recorded, could you please tell me the location as well.

Log Underlying Requirements
1. What activity was performed? (e.g. login of a user, or enabling/disabling a network port, etc.)
2. What tool(s) was the activity performed with? (e.g. administrator tool, Windows tools, rlogin, Gzip, etc.)
3. What is the status of the activity (success or failure), and the outcome or result of the activity?
4. Who performed the activity, including where or on what system the activity was performed? (e.g. root, admin or application system)
5. Why was the activity performed?
6. When was the activity performed?

Activity To Be Logged

1. "Create, read, update, or delete confidential information, including confidential authentication information such as passwords;"
2. Create, update, or delete information not covered in #7;
   Initiate a network connection;
   Accept a network connection;
3. User authentication and authorization for activities covered in #7 or #8, such as user login and logout;
4. Grant, modify, or revoke access rights, including adding a new user or group, changing user privilege levels, changing file permissions, changing database object permissions, changing firewall rules, and user password changes;
5. System, network, or services configuration changes, including installation of software patches and updates, or other installed software changes;
6. Application process startup, shutdown, or restart;
7. "Application process abort, failure, or abnormal end, especially due to resource exhaustion or reaching a resource limit or threshold (such as for CPU, memory, network connections, network bandwidth, disk space, or hardware fault); and"
8. Detection of suspicious/malicious activity from the IPS or IDS;
9. Detection of suspicious/malicious activity from the antivirus or antispyware system.

iii. Elements of Logs

1. "Type of action: examples include authorize, create, read, update, delete, and accept network connection."
2. "Subsystem performing the action: examples include process or transaction name, process or transaction identifier."
3. "Identifiers (as many as available) for the subject requesting the action: examples include user name, computer name, IP address, and MAC address."
4. "Identifiers (as many as available) for the object the action was performed on: examples include file names accessed, unique identifiers of records accessed in a database, query parameters used to determine records accessed in a database, computer name,"
5. Before and after values when the action involves updating a data element, if feasible.
6. Date and time the action was performed, including relevant time zone.
7. Whether the action was allowed or denied by access-control mechanisms.
8. Description and/or reason codes of why the action was denied by the access-control mechanism, if applicable.


Sorry for bothering....
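As an added illustration (not from the original post or the standard it quotes), here is a small Python parser that maps Linux auth-log lines onto the "Elements of Logs" above. The sample lines, the year and the time zone are constructed; the sshd and sudo message layouts are the ones found in /var/log/auth.log (Debian) or /var/log/secure (RHEL), and the point of the exercise is that classic syslog lines carry neither year nor zone, so element 6 cannot be satisfied without supplying both.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta
from typing import Optional

# Constructed sample lines in the classic syslog layout. No year and no zone
# appear in this layout, so the parser has to be told both (element 6).
SAMPLE_LOG = """\
Mar  7 08:59:01 host1 sshd[2231]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2
Mar  7 08:59:45 host1 sshd[2240]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Mar  7 09:01:12 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<proc>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SSHD = re.compile(r"^(?P<status>Accepted|Failed) (?P<method>\S+) for "
                  r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
SUDO = re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

@dataclass
class AuditRecord:
    action: str              # element 1: type of action
    subsystem: str           # element 2: process name and pid
    subject: dict            # element 3: identifiers of who requested it
    obj: str                 # element 4: identifiers of what it was done to
    when: str                # element 6: ISO 8601 with year and zone filled in
    allowed: Optional[bool]  # element 7: None when the line is not an access decision
    reason: Optional[str]    # element 8: why it was denied, if it was

def parse_line(line: str, year: int, tz: timezone) -> Optional[AuditRecord]:
    m = SYSLOG.match(line)
    if not m:
        return None  # not a syslog line we understand; a collector should count these
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz).isoformat()
    subsystem = m["proc"] + (f"[{m['pid']}]" if m["pid"] else "")
    who = {"host": m["host"]}
    s = SSHD.match(m["msg"]) if m["proc"] == "sshd" else None
    if s:
        who.update(user=s["user"], ip=s["ip"])
        allowed = s["status"] == "Accepted"
        reason = None if allowed else ("invalid user" if s["invalid"] else f"{s['method']} rejected")
        return AuditRecord("authenticate", subsystem, who, f"ssh session on {m['host']}", when, allowed, reason)
    s = SUDO.match(m["msg"]) if m["proc"] == "sudo" else None
    if s:  # only the success layout is handled here; sudo denials use a different message
        who["user"] = s["user"]
        return AuditRecord("execute", subsystem, who, f"{s['cmd']} as {s['target']}", when, True, None)
    return AuditRecord("unclassified", subsystem, who, m["msg"], when, None, None)

def parse_log(text: str, year: int, tz: timezone) -> list:
    return [r for r in (parse_line(l, year, tz) for l in text.splitlines()) if r]

def parse_sample() -> list:
    # Assumed context for the constructed sample: written in 2012 on a host set to UTC-5.
    return parse_log(SAMPLE_LOG, 2012, timezone(timedelta(hours=-5)))
```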
 
Old 03-07-2012, 09:19 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
"The Activity"???

You're really expecting people to fill in all those answers for you? Good luck.
 
Old 03-07-2012, 09:23 AM   #3
wasim_jd
LQ Newbie
 
Registered: Dec 2011
Posts: 12
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
I do think the first part is enough; it will cover all the others....
Thanks for your expectation.
 
Old 03-07-2012, 09:25 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
And how are we supposed to do that? How can we, with no context whatsoever, answer "What Activity was performed?"??
 
Old 03-07-2012, 09:29 AM   #5
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,415

Rep: Reputation: 305
wasim_jd,

Are you able to open www.google.com on your system? If yes, then why don't you first try that?

Google will help you enough with this question of yours....

Last edited by Satyaveer Arya; 03-07-2012 at 09:30 AM.
 
Old 03-07-2012, 09:31 AM   #6
wasim_jd
LQ Newbie
 
Registered: Dec 2011
Posts: 12
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Yes, Satya, I tried.... but I didn't find some of them...
 
Old 03-07-2012, 09:32 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
OK, so what didn't you find? What kind of answers are you after? Do you even know?
 
Old 03-07-2012, 09:33 AM   #8
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,415

Rep: Reputation: 305
Ok Wasim, then what have you tried so far?
 
Old 03-07-2012, 09:37 AM   #9
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,415

Rep: Reputation: 305
I really didn't get what you are trying to do and what you are asking.
 
Old 03-07-2012, 09:51 AM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,933

Rep: Reputation: 3692
Quote:
Originally Posted by wasim_jd
I do think the first part is enough; it will cover all the others....
Thanks for your expectation.
Sorry, this is VERY clearly a homework assignment. Show some effort on your part...if you don't want to, then you should drop the class.
 