LinuxQuestions.org


taydu3000 10-29-2007 11:30 AM

reading logs
 
Hello all,

I'm new to Linux so please bear with me.

I have a dedicated CentOS 4.5 server and want to know how to read the logs to see if anyone tries to gain access to the server, and hopefully prevent it before it gets worse.

win32sux 10-29-2007 11:42 AM

You can look at a log in "real-time" with the tail command. Example:
Code:

tail -f /var/log/syslog

You can also use the ubiquitous text tools such as grep, awk, etc. to find specific lines you are interested in. That said, there's only so much you as a human can do by looking at log files. You will typically be much more productive by having the computer look at them for you, and having it report to you on its findings. It can also take certain actions when it finds certain things in the logs. There are many tools that do this; here are two examples: Logwatch and Swatch. If you want more specific help regarding intrusion attempt detection by looking at log files, you'll need to specify which program's logs you are referring to.
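
One way to have the computer do the looking with grep/awk-style tools, as an added example that is not part of the original posts: a shell function that counts failed SSH password attempts per source address. It assumes OpenSSH sshd syslog lines, which CentOS writes to /var/log/secure; the function names, host name, user names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.
# Assumption: OpenSSH sshd syslog lines (on CentOS these land in /var/log/secure).

# Constructed sample lines (documentation address ranges), used when no file is given.
sample_log() {
cat <<'EOF'
Oct 29 11:02:13 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct 29 11:02:15 host1 sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40023 ssh2
Oct 29 11:02:19 host1 sshd[2104]: Failed password for invalid user web admin from 192.0.2.10 port 40031 ssh2
Oct 29 11:05:40 host1 sshd[2110]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
Oct 29 11:09:02 host1 sshd[2120]: Failed password for alice from 203.0.113.5 port 33001 ssh2
EOF
}

# Print "COUNT ADDRESS" for every source with failed passwords, busiest first.
# Reads the files given as arguments, or standard input when there are none.
failed_by_source() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / {
        # Match the trailing "from ADDR port N" triple, scanning from the end,
        # so user names with spaces or odd text do not shift the fields.
        for (i = NF - 2; i > 0; i--)
            if ($i == "from" && $(i + 2) == "port") { n[$(i + 1)]++; break }
    }
    END { for (a in n) print n[a], a }' "$@" | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $1 failures (default 3); reads stdin.
noisy_sources() {
    failed_by_source | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# With file arguments summarise those logs; otherwise run on the sample lines.
if [ "$#" -gt 0 ]; then
    failed_by_source "$@"
else
    sample_log | failed_by_source
fi
```

Run as root against the real log, for example `sh failed-ssh.sh /var/log/secure` (the script name is a placeholder), since the authentication log is normally not world-readable.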

taydu3000 10-29-2007 12:34 PM

Thanks for your reply.

I tried:

Quote:

tail -f /var/log/syslog
but got an error

reading: no such file or directory tatil: no file remaining

There aren't any log apps on the server right now. I want to install Logwatch on CentOS. Do you have any tutorial or guide to do this? I googled for a while but nothing helpful came up.

thanks

