Vigilance & Error Logs

Alright. So it's all set up, but is it working? Well, your guess is as good as mine... ;-) But you can check your log files and root account email.

In it's default configuration, /etc/syslog.conf/ is set up so that:

/var/log/auth/ reports login failures. If you mistype your passwords as often as I do, you'll have some password failures and bad usernames.

/var/log/secure/ reports connection attempts. Again, if you mistype your passwords as often as I do, you'll have some innocent Authentication failures.

/var/log/messages/ is the collection point for most system messages. You'll find login attempts, switches to your root acount, the packet filtering logs you've enabled, and oh yes, those silly spoofing attempts that are so prevalent when the students are on vacation... ;-)

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on WindowSecurity.com! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update.



Receive all the latest articles by email!

Receive Real-Time & Monthly WindowSecurity.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowSecurity.com member!

Discuss your security issues with thousands of other network security experts. Click here to join!

Community Area

Log in | Register

Solution Center

Readers' Choice

Which is your preferred network auditing solution?