SUSE 10.3: How to enable logging for network activity and etc
I want to have all network activity going into and out of my SUSE 10.3.
And also sshd sessions, successful and failed authentication and sessions.
Remote Administration too.
This means I should select LOG ALL at yast2 firewall?
Then which log file should I look at? At /var/log?
I want to have all network activity going into and out of my SUSE 10.3. And also sshd sessions, successful and failed authentication and sessions. Remote Administration too.
I don't use SuSE and I don't know YAST. However basics remain the same: logging "basic" network traffic details only requires iptables -j LOG rules for all chains, and SSH sessions get logged using PAM (/etc/pam.d/ssh.*). "Remote Administration" is just a term and does not refer to a specific method. Ask yourself *how*, or using what means, "remote administration" is done and you'll soon recognise the services, software and authentication methods that are involved.
Quote:
Originally Posted by khaos83
This means I should select LOG ALL at yast2 firewall? Then which log file should I look at? At /var/log?
Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent, should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. In closing the easiest ways IMHO to see which logfiles in a directory are in use are: 'lsof -w -n +D/var/log|awk '{print $NF}'|sort|uniq' (fast) and 'find /var/log -type f -print0 2>/dev/null|xargs -0 -iL fuser 'L'' (slow).
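Added example, not part of the thread: once iptables LOG rules and sshd are both writing through syslog as described above, the two kinds of entries can be pulled out of the same log and summarised. The log lines below are constructed, and the "FW-IN " / "FW-OUT " log prefixes, host name and user names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed syslog-style sample lines (not taken from the thread).
# Assumes LOG rules such as: iptables -A INPUT -j LOG --log-prefix "FW-IN "
# The "FW-IN "/"FW-OUT " prefixes are hypothetical names chosen for this example.
SAMPLE = """\
Mar  3 10:01:12 suse kernel: FW-IN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:01:14 suse sshd[2101]: Failed password for root from 192.0.2.10 port 40000 ssh2
Mar  3 10:01:17 suse sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Mar  3 10:02:30 suse sshd[2150]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:02:31 suse kernel: FW-OUT IN= OUT=eth0 SRC=192.0.2.1 DST=203.0.113.5 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  3 10:03:00 suse kernel: FW-IN IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
"""

FW_RE = re.compile(r"kernel: (?:\[[\d. ]+\] )?(FW-IN|FW-OUT) (.*)")
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (invalid user )?(\S+) from (\S+) port (\d+)")

def parse_fw(rest):
    """Turn the KEY=VALUE part of a LOG line into a dict; bare flags (SYN, DF) map to True."""
    fields = {}
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        fields.setdefault(key, val if sep else True)  # keep the first LEN/ID (IP header)
    return fields

def summarise(text):
    """Count firewall packets per (prefix, src, dst, proto, dport) and sshd results per (result, user, src)."""
    packets, ssh = Counter(), Counter()
    for line in text.splitlines():
        m = FW_RE.search(line)
        if m:
            f = parse_fw(m.group(2))
            # ICMP has no ports, so DPT is absent there
            packets[(m.group(1), f["SRC"], f["DST"], f["PROTO"], f.get("DPT", "-"))] += 1
            continue
        m = SSH_RE.search(line)
        if m:
            ssh[(m.group(1), m.group(4), m.group(5))] += 1
    return packets, ssh

if __name__ == "__main__":
    packets, ssh = summarise(SAMPLE)
    for key, n in sorted(packets.items()):
        print(n, *key)
    for key, n in sorted(ssh.items()):
        print(n, *key)
```

To run it against a real log, pass the file's contents to summarise() and change the prefixes in FW_RE to whatever --log-prefix the firewall rules actually use.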
Quote:
Originally Posted by unSpawn
...Anything logged through the kernel, unless configured otherwise, will be handled by syslog. So looking at /etc/syslog.conf or equivalent, should show. Services and processes that have their own configuration files may use the Syslog facilities or use their own logfiles. ...
Hmm. Just curious, but there is ulogd for iptables. Does it work through syslog as well?
Who knows? Do they? The docs I read didn't mention the type of mechanism used by the ulog target to actually write the log. But then, SuSE 10.0 didn't include ulogd, so my research might have stayed too cursory...