LinuxQuestions.org

khaos83 06-09-2008 09:54 PM

SUSE 10.3: How to enable logging for network activity and etc
 
I want to have all network activity going into and out of my SUSE 10.3.
And also sshd sessions, successful and failed authentication and sessions.
Remote Administration too.

This means I should select LOG ALL at yast2 firewall?
Then which log file should I look at? At /var/log?

unSpawn 06-11-2008 08:04 AM

Quote:

Originally Posted by khaos83 (Post 3179937)
I want to have all network activity going into and out of my SUSE 10.3. And also sshd sessions, successful and failed authentication and sessions. Remote Administration too.

I don't use SuSE and I don't know YAST. However basics remain the same: logging "basic" network traffic details only requires iptables -j LOG rules for all chains, and SSH sessions get logged using PAM (/etc/pam.d/ssh.*). "Remote Administration" is just a term and does not refer to a specific method. Ask yourself *how*, or using what means, "remote administration" is done and you'll soon recognise the services, software and authentication methods that are involved.


Quote:

Originally Posted by khaos83 (Post 3179937)
This means I should select LOG ALL at yast2 firewall? Then which log file should I look at? At /var/log?

Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent, should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. In closing the easiest ways IMHO to see which logfiles in a directory are in use are:

    lsof -w -n +D/var/log|awk '{print $NF}'|sort|uniq

(fast) and

    find /var/log -type f -print0 2>/dev/null|xargs -0 -iL fuser 'L'

(slow).


HTH
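
An added example, not part of the original thread: a small Python parser for the two kinds of syslog lines discussed above, kernel lines written by iptables -j LOG rules and sshd authentication lines. The log prefixes FW-IN: and FW-OUT:, the host name, the user names and all addresses are constructed sample values; which file these lines end up in depends on your syslog configuration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), in the shape written by
# iptables "-j LOG --log-prefix 'FW-IN: '" rules and by OpenSSH's sshd.
SAMPLE_LOG = """\
Jun 11 08:04:01 host kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=4711 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 SYN URGP=0
Jun 11 08:04:03 host sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51000 ssh2
Jun 11 08:04:07 host sshd[2213]: Failed password for root from 192.0.2.10 port 51002 ssh2
Jun 11 08:05:00 host cron[99]: (root) CMD (run-parts /etc/cron.hourly)
Jun 11 08:06:12 host sshd[2240]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jun 11 08:06:30 host kernel: FW-OUT: IN= OUT=eth0 SRC=192.0.2.1 DST=198.51.100.53 LEN=71 TTL=64 ID=0 DF PROTO=UDP SPT=33000 DPT=53 LEN=51
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a netfilter LOG line
SSHD = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) (\S+) for (invalid user )?(\S+) from (\S+) port \d+")

def parse_line(line):
    """Return an event dict for a netfilter LOG or sshd auth line, else None."""
    m = SSHD.search(line)
    if m:
        return {"kind": "ssh", "result": m.group(1).lower(), "method": m.group(2),
                "invalid_user": bool(m.group(3)), "user": m.group(4), "src": m.group(5)}
    if " kernel: " not in line or "SRC=" not in line or "DST=" not in line:
        return None
    f = dict(KV.findall(line.split(" kernel: ", 1)[1]))
    # IN and OUT name the interfaces; both are set only for forwarded packets.
    direction = "forward" if f.get("IN") and f.get("OUT") else "in" if f.get("IN") else "out"
    return {"kind": "packet", "direction": direction, "proto": f.get("PROTO"),
            "src": f.get("SRC"), "dst": f.get("DST"), "dpt": f.get("DPT")}

def summarize(text):
    """Count failed SSH logins per source, list accepted ones, count packets."""
    failed, accepted, packets = Counter(), [], Counter()
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "packet":
            packets[(ev["direction"], ev["proto"], ev["dpt"])] += 1
        elif ev["result"] == "failed":
            failed[ev["src"]] += 1
        else:
            accepted.append((ev["user"], ev["src"], ev["method"]))
    return {"failed": failed, "accepted": accepted, "packets": packets}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```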

JZL240I-U 06-12-2008 12:53 AM

Quote:

Originally Posted by unSpawn (Post 3181523)
...Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent, should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. ...

Hmm. Just curious, but there is ulogd for iptables. Does it work through syslog as well?

unSpawn 06-12-2008 06:40 AM

Good point mentioning that. And if the docs say it will, then why wouldn't it?

JZL240I-U 06-12-2008 06:52 AM

Who knows? Do they? The docs I read didn't mention the type of mechanism used by the ulog target to actually write the log. But then, SuSE 10.0 didn't include ulogd, so my research might have stayed too cursory...

unSpawn 06-12-2008 07:30 AM

Yes they do.

leandean 06-14-2008 12:09 AM

Look at /etc/syslog-ng/syslog-ng.conf. It's well commented and references more documentation.

JZL240I-U 06-16-2008 04:05 AM

Thanks for the info to both of you.


All times are GMT -5.