Lesson 13

Date: 7/3/2017
Application security and Intrusion detection
Linux System Administration


Log redirection and analysis

  • Redirect system logs to a remote, secure log server. On CentOS, remote logging is configured in /etc/rsyslog.conf:
    # Send all messages to remote system "loghost"
    # (a single "@" forwards over UDP; "@@" forwards over TCP)
    *.*		@loghost
    

  • The "loghost" should be a resolvable machine host name or IP address.

  • Logs can be analysed with logwatch.
    /usr/sbin/logwatch --help
    
    Example:
    /usr/sbin/logwatch --detail High --range Today 
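
An added example (not part of the original lesson): a shell check for the rsyslog forwarding rule described above. It lists the active forwarding rules in a config file and reports whether each uses UDP (`@`) or TCP (`@@`); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit remote-forwarding rules in a legacy-syntax rsyslog config.
# "selector  @host" forwards over UDP, "selector  @@host" forwards over TCP.

audit_forwarding() {
    # Prints "<selector> <udp|tcp> <target>" for each active forwarding rule.
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }   # skip comments and blank lines
        $2 ~ /^@/ {
            action = $2
            proto = (action ~ /^@@/) ? "tcp" : "udp"
            sub(/^@+/, "", action)             # drop the transport marker
            sub(/^\([^)]*\)/, "", action)      # drop options such as (z9)
            print $1, proto, action
        }
    ' "$1"
}

forwards_everything_to() {
    # Succeeds only if an active "*.*" rule sends to host $2 (any port).
    audit_forwarding "$1" | awk -v h="$2" '
        { t = $3; sub(/:[0-9]+$/, "", t) }
        $1 == "*.*" && t == h { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample config (not taken from a real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# Send all messages to remote system "loghost"
*.*             @loghost
#*.*            @@disabled.example:514
authpriv.*      @@loghost:514
mail.*          -/var/log/maillog
EOF

audit_forwarding "$SAMPLE"
if forwards_everything_to "$SAMPLE" loghost; then
    echo "OK: all messages are forwarded to loghost"
else
    echo "MISSING: no active *.* rule for loghost"
fi
```

On a real system, pass /etc/rsyslog.conf instead of the sample file. Rules in files included from /etc/rsyslog.d/ are not followed by this check.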
    


