  1. #1
    Just Joined!
    Join Date
    Nov 2009
    Posts
    29

    syslog


    Hello,

    I'm trying to parse a syslog log and extract useful information regarding security issues that have been logged.
    What information is it worth extracting in your opinion, apart from ssh-related lines?

    Regards.

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    IPTABLES and failed logins would be some that I would look for.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Nov 2009
    Posts
    29
    Ok, thanks for the answer.
    What does data related to iptables and failed logins look like in syslog lines?

  5. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    For IPTABLES it would be whatever you designed IPTABLES to log. For failed logins you can attempt to log in as another user and enter the wrong password. Then check messages to see what it looks like.

    Regards
    Robert


  6. #5
    Just Joined!
    Join Date
    Nov 2009
    Posts
    29
    I did try to log in with a wrong password, but nothing was logged in /var/log/syslog.

    Isn't there any site where I can see all the types of messages that can be sent for a specific matter, for example, let's say, system authentication successes / failures?
    In order to parse syslog properly, I need to see all the different messages that can be sent.
    I'm just a beginner and I'd like to do it myself, for training purposes.

  7. #6
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Well, failed logins would most likely be sent to the secure log file while iptables would most likely be sent to messages.

    As to a web page, have you used Google and searched?

    Regards
    Robert

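To make the two answers above concrete (what a failed login and an iptables LOG entry look like, and which file each lands in), here is an added example parser; it is not code from the thread or from any poster. The sample lines are constructed: they mimic a Debian/Ubuntu `/var/log/auth.log` and `/var/log/syslog` (on RHEL-style systems the same messages go to `/var/log/secure` and `/var/log/messages`, which is what "secure log file" and "messages" refer to), and the `IPT_DROP:` prefix on the kernel line is an assumed value that an `iptables ... -j LOG --log-prefix "IPT_DROP: "` rule would set; it is whatever your own rule uses. Note that on Debian-style hosts, authentication messages (facility auth/authpriv) are routed to auth.log and not to syslog, which is why a wrong password may leave no trace in /var/log/syslog.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from any real host). The first five are
# what sshd, su (via PAM) and login write to /var/log/auth.log or /var/log/secure;
# the kernel line is what an iptables LOG rule with --log-prefix "IPT_DROP: "
# writes to /var/log/syslog or /var/log/messages. The CRON line is noise.
SAMPLE_LINES = [
    "Nov 14 10:02:11 host sshd[2144]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Nov 14 10:02:15 host sshd[2144]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Nov 14 10:02:40 host sshd[2190]: Accepted publickey for alice from 198.51.100.5 port 40222 ssh2",
    "Nov 14 10:03:01 host su[2201]: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/0 ruser=alice rhost=  user=root",
    "Nov 14 10:03:05 host login[2210]: FAILED LOGIN (1) on '/dev/tty1' FOR 'bob', Authentication failure",
    "Nov 14 10:04:12 host kernel: [12345.678901] IPT_DROP: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=51040 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Nov 14 10:05:00 host CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Classic BSD syslog header: "Mon DD HH:MM:SS host prog[pid]: message".
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSH_FAILED = re.compile(
    r"Failed (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)
SSH_ACCEPTED = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)
PAM_FAIL = re.compile(r"pam_unix\((?P<service>[^:)]+):auth\): authentication failure;(?P<kv>.*)")
LOGIN_FAIL = re.compile(r"FAILED LOGIN \(\d+\) on '(?P<tty>[^']+)' FOR '(?P<user>[^']+)'")
KV = re.compile(r"(\w+)=(\S*)")  # key=value tokens; flags like DF or SYN have no '=' and are skipped
FW_PREFIX = re.compile(r"^(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*IN=")  # optional printk timestamp, then prefix


def parse_line(line):
    """Return a dict describing one security-relevant event, or None for noise."""
    m = HEADER.match(line)
    if not m:
        return None
    prog, msg = m["prog"], m["msg"]
    base = {"ts": m["ts"], "host": m["host"], "prog": prog}

    if prog == "sshd":
        f = SSH_FAILED.search(msg)
        if f:
            return {**base, "type": "auth_failure", "user": f["user"], "src": f["src"],
                    "method": f["method"], "invalid_user": f["invalid"] is not None}
        a = SSH_ACCEPTED.search(msg)
        if a:
            return {**base, "type": "auth_success", "user": a["user"], "src": a["src"],
                    "method": a["method"]}
        return None

    p = PAM_FAIL.search(msg)  # su, sudo, login, etc. all report through pam_unix this way
    if p:
        kv = dict(KV.findall(p["kv"]))
        return {**base, "type": "auth_failure", "user": kv.get("user", ""),
                "src": kv.get("rhost") or "local", "method": "pam:" + p["service"],
                "invalid_user": False}

    l = LOGIN_FAIL.search(msg)
    if l:
        return {**base, "type": "auth_failure", "user": l["user"], "src": l["tty"],
                "method": "login", "invalid_user": False}

    if prog == "kernel" and "SRC=" in msg and "DST=" in msg:
        pre = FW_PREFIX.match(msg)
        kv = dict(KV.findall(msg))
        return {**base, "type": "firewall",
                "prefix": pre["prefix"].strip(" :") if pre else "",
                "iface": kv.get("IN"), "src": kv.get("SRC"), "dst": kv.get("DST"),
                "proto": kv.get("PROTO"), "dport": kv.get("DPT")}
    return None


def parse_lines(lines):
    return [e for e in (parse_line(ln) for ln in lines) if e]


def failures_by_source(events):
    """Authentication failures per source: an IP for sshd, a tty or 'local' otherwise."""
    return Counter(e["src"] for e in events if e["type"] == "auth_failure")


def sources_hitting_both(events):
    """Sources that both failed a login and tripped a firewall LOG rule."""
    fails = {e["src"] for e in events if e["type"] == "auth_failure"}
    fw = {e["src"] for e in events if e["type"] == "firewall"}
    return sorted(fails & fw)


if __name__ == "__main__":
    # To run on a real host, replace SAMPLE_LINES with open("/var/log/auth.log")
    # (or /var/log/secure) plus open("/var/log/syslog") (or /var/log/messages).
    events = parse_lines(SAMPLE_LINES)
    for e in events:
        print(e)
    print("failures by source:", failures_by_source(events))
    print("sources seen in both auth failures and firewall log:", sources_hitting_both(events))
```

The point of the three `auth_failure` patterns is that "failed login" is not one message format: sshd, pam_unix and the console `login` program each phrase it differently, and only sshd gives you a remote IP directly (pam_unix puts it in `rhost=`, which is empty for local `su`). The firewall pattern keys on the `SRC=`/`DST=` pairs rather than on the prefix, since the prefix is whatever the rule sets.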

  8. #7
    Just Joined!
    Join Date
    Nov 2009
    Posts
    29
    Thanks for your answer, but I'm sorry, I didn't fully understand it. What do secure log file and messages refer to, and where do I find them on my computer?
    Yeah I've used google quite a lot, and I only found applications that are too complex for me to understand their source code.
    I'd just like to know where I can find information about all the different syslog messages that can be displayed for one specific topic (I don't mind which), so that I can parse it correctly.

  9. #8
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    All log files should be in /var/log. As to finding more information, Google is your friend.

    Regards
    Robert

