unSpawn
06-11-2008 08:04 AM
Quote:
Originally Posted by khaos83
(Post 3179937)
I want to have all network activity going into and out of my SUSE 10.3. And also sshd sessions, successful and failed authentication and sessions. Remote Administration too.
I don't use SuSE and I don't know YAST. However, the basics remain the same: logging "basic" network traffic details only requires iptables -j LOG rules for all chains, and SSH sessions get logged using PAM (/etc/pam.d/ssh.*). "Remote Administration" is just a term and does not refer to a specific method. Ask yourself *how*, or using what means, "remote administration" is done and you'll soon recognise the services, software and authentication methods that are involved.
Quote:
Originally Posted by khaos83
(Post 3179937)
This means I should select LOG ALL at yast2 firewall? Then which log file should I look at? At /var/log?
Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. In closing, the easiest ways IMHO to see which logfiles in a directory are in use are: 'lsof -w -n +D/var/log|awk '{print $NF}'|sort|uniq' (fast) and 'find /var/log -type f -print0 2>/dev/null|xargs -0 -iL fuser 'L'' (slow).
HTH
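Added example (not part of unSpawn's post): a small shell function that reads a syslog.conf and reports which actions receive kernel-facility messages, i.e. where iptables -j LOG lines end up. It assumes the classic sysklogd selector syntax; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists the syslog.conf actions (log files) that receive
# kernel-facility messages, which is where iptables -j LOG output arrives.
# Assumes classic sysklogd selector syntax; function names are hypothetical.

# Constructed sample configuration, not taken from a real SuSE system.
sample_syslog_conf() {
    cat <<'EOF'
# facility.priority             action
kern.*                          -/var/log/kern.log
*.*;mail.none;kern.none         /var/log/messages
*.emerg                         *
kern.=debug                     /var/log/kdebug
*.warning;auth.none             /var/log/warn
EOF
}

# kern_log_targets FILE [PRIORITY]
# PRIORITY defaults to "warning", the default level of the iptables LOG target.
kern_log_targets() {
    awk -v want="${2:-warning}" '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", names, " ")
        for (i = 1; i <= n; i++) sev[names[i]] = i - 1   # 0 is most severe
        sev["panic"] = 0; sev["error"] = 3; sev["warn"] = 4
    }
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
        action = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", action)   # drop the selector field
        sub(/^-/, "", action)                     # "-" only disables sync
        hit = 0
        m = split($1, parts, ";")
        for (i = 1; i <= m; i++) {         # later selectors override earlier
            dot = index(parts[i], ".")
            facs = substr(parts[i], 1, dot - 1)
            prio = substr(parts[i], dot + 1)
            if (("," facs ",") !~ /,(kern|\*),/) continue
            if (prio == "none") hit = 0
            else if (prio == "*") hit = 1
            else if (substr(prio, 1, 1) == "=") hit = (sev[substr(prio, 2)] == sev[want])
            else hit = (sev[want] <= sev[prio])   # given level or more severe
        }
        if (hit) print action
    }' "$1"
}

sample_syslog_conf | kern_log_targets -
```

Run it against the real file with `kern_log_targets /etc/syslog.conf`, adding a second argument if the LOG rules set a different --log-level.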