In Fedora systems, that means adding a -r option to the
SYSLOGD_OPTIONS variable in the /etc/sysconfig/syslog file and restarting the syslog service
(service syslog restart). The loghost must also have UDP port 514 accessible to be used by
syslogd (check the /etc/services file), so you might need to add a firewall rule to allow that.
Understanding the messages Log File
Because of the many programs and services that record information to the messages log file, it is
important that you understand the format of this file. You can get a good early warning of problems
developing on your system by examining this file. Each line in the file is a single message recorded
by some program or service. Here is a snippet of an actual messages log file:
Feb 25 11:04:32 toys network: Bringing up loopback interface: succeeded
Feb 25 11:04:35 toys network: Bringing up interface eth0: succeeded
Feb 25 13:01:14 toys vsftpd(pam_unix)[10565]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.0.0.5 user=chris
Feb 25 14:44:24 toys su(pam_unix)[11439]: session opened for user root by chris(uid=500)
Securing Linux 6
This is really very simple when you know what to look for. Each message is divided into five main
parts. From left to right, they are:
The date and time that the message was logged
The name of the computer from which the message came
The program or service name to which the message pertains
The process number (enclosed in square brackets) of the program sending the message
The actual text message
Take another look at the preceding file snippet.