Queston about logs, related to security

pembo13 · 09-23-2003, 05:11 PM

Hello to all,

My question is, is it possible in RedHat 9.0 to consolidate and gather log data on and from:

-Iptables
-Apache
-Remote Logins (ftp, ssh, telnet, etc.)

Preferably as an alternative from goign into my System log where it gets mingled with not as important yet more inquired upon data. And also so that when ever i'm worried about a threat I can simply check there.

Please advise me whether such or similar alternative is possible.
Thank you.

unSpawn · 09-23-2003, 05:39 PM

First of all you can have separate logs if
- the application supports it. for instance Apache allows you to write logs to separate files, or if
- the application can use what's called "custom log facilities". "man syslog_conf" for more, else if
- the application doesn't support the options above, then run a logparser like Swatch or Logwatch.

pembo13 · 09-23-2003, 05:51 PM

Thanks for your response. I'm aware of the 1st and 3rd alternative you suggeested.

But my main request is to haev all these in one file if possible. I'd like to confirm that as a possbilty or not.

Thank you

unSpawn · 09-25-2003, 04:40 PM

But my main request is to haev all these in one file if possible.
If the app supports (custom) log facilities, or supports PAM, yes.
Btw, you shouldnt use telnet tho.

pembo13 · 09-25-2003, 05:16 PM

Ok cool,

Any suggestiosn for custom log facilities?

And thanks, I know about telnet, just wanted to exaggerate my list since I've enver used rlogin. I have telnet on, but the port is blocked to the outside.

Oh.....any suggestions also for PAM docs and how to's?

Thanks alot.