
Security Warrior by Anton Chuvakin, Cyrus Peikari


System Logging

Unix acquired a system-logging function early in its development. System logging is implemented as a syslog daemon[4] that receives messages sent by various programs running on the system. In addition, other computer and network devices, such as routers, can send log messages to the logging server. System logging is extremely valuable for many purposes, from troubleshooting hardware to tracking malicious attacks—provided somebody is actually reading the system logfiles. Here's an excerpt showing several messages received by a syslog daemon on the machine "examhost". The logfile records the date and time of the message, the name of the computer that sent it, the program that produced the message, and the text itself:

Dec 13 10:19:10 examhost sshd[470]: Generating new 768 bit RSA key.
Dec 13 10:19:11 examhost sshd[470]: RSA key generation complete.
Dec 13 10:20:19 examhost named[773]: sysquery: findns error (NXDOMAIN) on dns.example.edu?
Dec 13 10:21:01 examhost last message repeated 4 times
Dec 13 10:26:17 examhost sshd[20505]: Accepted password for user from 24.147.219.231 port 1048 ssh2
Dec 13 10:26:17 examhost PAM_unix[20505]: (system-auth) session opened for user anton by (uid=0)
Dec 13 10:30:28 examhost PAM_unix[20562]: (system-auth) session opened for user root by anton(uid=501)
Dec 13 10:35:10 examhost2 sshd[456]: Generating new 768 bit RSA key.

In this example, you can see there was a login via SSH. In addition, you can see some problems with the DNS server, ...
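As an added example (not code from the book), the following Python script parses lines in the syslog format described above into the fields the text lists (timestamp, host, program and PID, message) and then picks out the two events in the excerpt a reviewer would want flagged: accepted SSH logins, and PAM sessions opened as root by another account. The sample lines are constructed to mirror the excerpt; the regular expressions and function names are this example's own assumptions.

```python
import re

# Constructed sample lines in the BSD syslog format of the excerpt above; not real data.
SAMPLE_LOG = """\
Dec 13 10:19:10 examhost sshd[470]: Generating new 768 bit RSA key.
Dec 13 10:21:01 examhost last message repeated 4 times
Dec 13 10:26:17 examhost sshd[20505]: Accepted password for user from 24.147.219.231 port 1048 ssh2
Dec 13 10:26:17 examhost PAM_unix[20505]: (system-auth) session opened for user anton by (uid=0)
Dec 13 10:30:28 examhost PAM_unix[20562]: (system-auth) session opened for user root by anton(uid=501)
Dec 13 10:35:10 examhost2 sshd[456]: Generating new 768 bit RSA key.
"""

# Classic syslog line: timestamp, host, then an optional "program[pid]:" tag and free text.
# The tag is optional so that "last message repeated N times" lines still parse.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?:(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: )?(?P<msg>.*)$"
)
# OpenSSH success line: "Accepted <method> for <user> from <ip> port <port> ..."
SSH_ACCEPT_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")
# pam_unix line for a root session started by some other account (e.g. via su)
ROOT_SESSION_RE = re.compile(r"session opened for user root by (?P<by>\w*)\(uid=(?P<uid>\d+)\)")

def parse_line(line):
    """Split one syslog line into its fields; returns None for lines that do not fit the format."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def parse_log(text):
    """Parse a whole logfile, silently dropping lines that are not syslog records."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]

def ssh_logins(records):
    """Accepted sshd authentications as (host, user, method, source IP)."""
    out = []
    for r in records:
        if r["prog"] == "sshd":
            m = SSH_ACCEPT_RE.match(r["msg"])
            if m:
                out.append((r["host"], m["user"], m["method"], m["src"]))
    return out

def root_sessions(records):
    """PAM sessions opened as root by another account, as (host, by, uid of that account)."""
    out = []
    for r in records:
        if r["prog"] == "PAM_unix":
            m = ROOT_SESSION_RE.search(r["msg"])
            if m:
                out.append((r["host"], m["by"], int(m["uid"])))
    return out

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for login in ssh_logins(recs):
        print("ssh login:", login)
    for sess in root_sessions(recs):
        print("root session:", sess)
```

Run against the sample, it reports one SSH password login from 24.147.219.231 and one root session opened by anton (uid 501); the "last message repeated" line parses with no program field and is simply ignored by both checks.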
