System Logs

Reviewing, analyzing, and acting on system logs is essential and is an integral part of the security process discussed in Chapter 1, “Enterprise Security Framework.” The following log files should be reviewed carefully and on a regular schedule for any suspicious records, and appropriate action should be taken as soon as such records are found.

syslog

Most UNIX software logs through syslog, the system logging facility. The logging daemon, syslogd, is configured using /etc/syslog.conf. By default, /var/adm/messages receives the majority of events, and a second file, /var/log/syslog, receives mail-related events. Note that syslogd on Solaris requires the selector and action fields of each /etc/syslog.conf entry to be separated by tab characters, not spaces; an entry separated by spaces is silently ignored, so verify that newly added entries actually produce records before relying on them.
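To make "periodically reviewed for suspicious records" concrete, here is an added example (not code from the book) of a small review helper that reads Solaris-style syslog records on standard input and pulls out the records a reviewer looks at first: failed su attempts, and any record whose level is at or above a chosen severity. It assumes the Solaris 8 record format, in which syslogd tags each record with "[ID nnnnnn facility.level]"; the sample lines and the host name "gateway" are constructed for the example and are not real log data.

```sh
#!/bin/sh
# Added example, not from the book: review helper for Solaris-style syslog
# output. Functions read syslog records on stdin (e.g. < /var/adm/messages).
# Assumes the Solaris 8 format, where syslogd tags each record with
# "[ID nnnnnn facility.level]".

# Constructed sample in the style of /var/adm/messages (not real log data).
sample_log() {
cat <<'EOF'
Mar  3 09:12:41 gateway su: [ID 810491 auth.crit] 'su root' failed for bob on /dev/pts/3
Mar  3 09:12:52 gateway su: [ID 366847 auth.notice] 'su root' succeeded for alice on /dev/pts/1
Mar  3 09:13:05 gateway su: [ID 810491 auth.crit] 'su root' failed for bob on /dev/pts/3
Mar  3 09:14:10 gateway inetd[112]: [ID 317013 daemon.notice] in.telnetd[4021] from 10.0.0.9 27123
Mar  3 09:18:03 gateway sendmail[214]: [ID 702911 mail.err] NOQUEUE: SYSERR(root): can not chdir(/var/spool/mqueue/): Permission denied
Mar  3 09:20:15 gateway unix: [ID 389951 kern.info] mem = 262144K (0x10000000)
Mar  3 09:25:00 gateway syslogd: going down on signal 15
EOF
}

# Print every failed su attempt (su logs these at auth.crit).
# "|| true" keeps grep's exit status 1 (no match) from aborting a
# script run under "set -e".
failed_su() {
    grep " su: .*'su [^']*' failed for " || true
}

# Count failed su attempts.
count_failed_su() {
    grep -c " su: .*'su [^']*' failed for " || true
}

# Print records whose syslog level is $1 or more severe, using the
# facility.level tag syslogd prepends. Untagged lines are skipped.
lines_at_or_above() {
    awk -v want="$1" '
    BEGIN {
        # Lower rank means more severe, matching syslog priority order.
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) rank[name[i]] = i
        if (!(want in rank)) { print "unknown level: " want > "/dev/stderr"; exit 2 }
    }
    match($0, /\[ID [0-9]+ [a-z0-9]+\.[a-z]+\]/) {
        tag = substr($0, RSTART, RLENGTH)   # e.g. "[ID 810491 auth.crit]"
        split(tag, f, /[ .]/)               # f[3] = facility, f[4] = "crit]"
        sub(/\]$/, "", f[4])
        if (f[4] in rank && rank[f[4]] <= rank[want]) print
    }'
}

# Demo run over the constructed sample. Against a live system, use e.g.:
#   lines_at_or_above crit < /var/adm/messages
echo "== failed su attempts =="
sample_log | failed_su
echo "== records at crit or above =="
sample_log | lines_at_or_above crit
```

Reading from standard input keeps the helper usable on rotated or archived copies of the log as well as on the live file, and the awk filter works on any facility because it ranks only the level part of the tag.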

Depending on the particular role of the system you are configuring, a different syslog configuration might be required. The ideal amount of logging should provide enough ...
