  1. #1
    Linux User
    Join Date
    Aug 2005
    Posts
    408

    What's the best way to monitor a system for attacks?


    A thread on firewalls in the Coffee Lounge section made me realize that I have no idea how to monitor if my online computer is being probed or attacked or whatever. I tried googling, assuming there were programs out there that did this, but I couldn't come up with much (possibly because I'm not sure the right terminology to use to look for an answer). Anyway, are there system logs that record all of this in a way I could figure out or do I need a program to monitor the system for attacks?


    Thanks for your help.

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,132
    Check out /var/log, you will find most of what you need here. Just use grep to find keywords. An example of something I use would be -
    Code:
    # Run from the log directory so that * expands to the log files
    cd /var/log
    grep -ir warning *
    grep -ir ssh *
    grep -ir breakin *
    You can check for any keywords you like this way.
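
The keyword search suggested above can be taken one step further by counting failed SSH logins per source address. This is an added example, not part of the original posts; the function names and the sample log lines are constructed, and the line format assumed is OpenSSH's "Failed password for ... from ADDRESS port N ssh2".

```shell
#!/bin/sh
# Summarise failed SSH password attempts per source address.
# On a real system pass the auth log as an argument; its path depends on
# the distribution (commonly /var/log/auth.log or /var/log/secure).

# Constructed sample input (documentation addresses, made-up hosts and users).
sample_log() {
cat <<'EOF'
Aug 14 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 14 03:12:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 14 03:12:09 host sshd[2107]: Failed password for invalid user backup admin from 203.0.113.7 port 40130 ssh2
Aug 14 03:15:40 host sshd[2150]: Accepted password for eraker from 192.0.2.10 port 51514 ssh2
Aug 14 04:01:13 host sshd[2212]: Failed password for invalid user test from 198.51.100.23 port 33810 ssh2
EOF
}

# failed_by_ip [FILE...]: print "count address", most active source first.
# Reads stdin when no file is given. The user name in these lines is supplied
# by the client and may contain spaces, so the address is located by counting
# fields from the end of the line rather than from the start.
failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-2) == "port" && $(NF-4) == "from" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' "$@" |
    sort -k1,1nr -k2,2
}

# noisy_sources THRESHOLD [FILE...]: addresses with at least THRESHOLD failures.
noisy_sources() {
    threshold=$1
    shift
    failed_by_ip "$@" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Demo on the constructed sample.
sample_log | failed_by_ip
```

Successful logins are ignored by the filter, so the output lists only sources of failed attempts.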

  3. #3
    Linux User
    Join Date
    Aug 2005
    Posts
    408
    Awesome. I think I was using bad terms to search for an answer.

    Thanks.

  4. #4
    Linux Newbie framp's Avatar
    Join Date
    Jul 2006
    Location
    Stuttgart, Germany
    Posts
    240
    Quote Originally Posted by eraker
    ...do I need a program to monitor the system for attacks?...
    Search for snort
    "Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
