Old 06-09-2008, 09:54 PM   #1
khaos83
Member
 
Registered: Dec 2007
Posts: 97

Rep: Reputation: 15
SUSE 10.3: How to enable logging for network activity and etc


I want to have all network activity going into and out of my SUSE 10.3.
And also sshd sessions, successful and failed authentication and sessions.
Remote Administration too.

This means I should select LOG ALL at yast2 firewall?
Then which log file should I look at? At /var/log?
 
Old 06-11-2008, 08:04 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,374
Blog Entries: 54

Rep: Reputation: 2872
Quote:
Originally Posted by khaos83
I want to have all network activity going into and out of my SUSE 10.3. And also sshd sessions, successful and failed authentication and sessions. Remote Administration too.
I don't use SuSE and I don't know YAST. However basics remain the same: logging "basic" network traffic details only requires iptables -j LOG rules for all chains, and SSH sessions get logged using PAM (/etc/pam.d/ssh.*). "Remote Administration" is just a term and does not refer to a specific method. Ask yourself *how*, or using what means, "remote administration" is done and you'll soon recognise the services, software and authentication methods that are involved.


Quote:
Originally Posted by khaos83
This means I should select LOG ALL at yast2 firewall? Then which log file should I look at? At /var/log?
Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent, should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. In closing the easiest ways IMHO to see which logfiles in a directory are in use are: 'lsof -w -n +D/var/log|awk '{print $NF}'|sort|uniq' (fast) and 'find /var/log -type f -print0 2>/dev/null|xargs -0 -iL fuser 'L'' (slow).


HTH
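
The approach described in the post above, as an added example that is not part of the original post: it prints one iptables LOG rule per built-in filter chain and then summarises the resulting syslog entries together with sshd authentication results. The `FWLOG` prefix, the function names and every sample log line (hosts, users, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-chain iptables LOG rules plus a summary of the syslog
# entries they and sshd produce. PREFIX and all log lines are constructed.
PREFIX="FWLOG"   # hypothetical --log-prefix tag, used to find entries again

# Print (do not run) one LOG rule per built-in filter chain; apply as root.
gen_log_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        printf 'iptables -I %s 1 -j LOG --log-prefix "%s-%s: " --log-level 4\n' \
            "$chain" "$PREFIX" "$chain"
    done
}

# Constructed sample of kernel and sshd messages as syslog would store them.
sample_log() {
cat <<'EOF'
Jun 11 08:04:01 host1 kernel: FWLOG-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Jun 11 08:04:02 host1 sshd[2210]: Failed password for invalid user test from 192.0.2.10 port 51234 ssh2
Jun 11 08:04:05 host1 kernel: FWLOG-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=51240 DPT=22 SYN URGP=0
Jun 11 08:04:06 host1 sshd[2212]: Failed password for root from 192.0.2.10 port 51240 ssh2
Jun 11 08:04:09 host1 kernel: FWLOG-OUTPUT: IN= OUT=eth0 SRC=192.0.2.1 DST=198.51.100.7 LEN=76 TTL=64 PROTO=UDP SPT=40000 DPT=53 LEN=56
Jun 11 08:05:30 host1 sshd[2214]: Accepted password for alice from 192.0.2.20 port 40022 ssh2
Jun 11 08:05:30 host1 sshd[2214]: pam_unix(sshd:session): session opened for user alice by (uid=0)
EOF
}

# Count firewall entries as "CHAIN PROTO SRC -> DST:DPT count".
fw_summary() {
    awk -v p="$PREFIX" '$0 ~ ("kernel: " p "-") {
        split("", f)                       # reset fields from the previous line
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if ($i ~ ("^" p "-")) { chain = $i; gsub("^" p "-|:$", "", chain) }
            else f[kv[1]] = kv[2]
        }
        n[chain " " f["PROTO"] " " f["SRC"] " -> " f["DST"] ":" f["DPT"]]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# Count sshd password results per source address.
ssh_summary() {
    awk '/sshd\[[0-9]+\]: (Failed|Accepted) / {
        res = ($0 ~ /: Failed /) ? "failed" : "accepted"
        for (i = 1; i < NF; i++) if ($i == "from") src = $(i+1)
        n[res " " src]++
    }
    END { for (k in n) print k, n[k] }' | sort
}
gen_log_rules; sample_log | fw_summary; sample_log | ssh_summary
```

To use it on a live system, feed the two summary functions the file that syslog is configured to write kernel and auth messages to, in place of `sample_log`.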
 
Old 06-12-2008, 12:53 AM   #3
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,666

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn
...Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent, should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. ...
Hmm. Just curious, but there is ulogd for iptables. Does it work through syslog as well?
 
Old 06-12-2008, 06:40 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,374
Blog Entries: 54

Rep: Reputation: 2872
Good point mentioning that. And if the docs say it will, then why wouldn't it?
 
Old 06-12-2008, 06:52 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,666

Rep: Reputation: Disabled
Who knows? Do they? The docs I read didn't mention the type of mechanism used by the ulog target to actually write the log. But then, SuSE 10.0 didn't include ulogd, so my research might have stayed too cursory...
 
Old 06-12-2008, 07:30 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,374
Blog Entries: 54

Rep: Reputation: 2872
Yes they do.
 
Old 06-14-2008, 12:09 AM   #7
leandean
Member
 
Registered: Oct 2005
Location: Burley, WA
Distribution: Sabayon
Posts: 276

Rep: Reputation: Disabled
Look at /etc/syslog-ng/syslog-ng.conf. It's well commented and references more documentation.
 
Old 06-16-2008, 04:05 AM   #8
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,666

Rep: Reputation: Disabled
Thanks for the info to both of you.
 
  


All times are GMT -5.
