- 12-11-2009 #1 (Just Joined!; Join Date: Nov 2009; Posts: 29)
syslog
Hello,
I'm trying to parse a syslog log and extract useful information regarding security issues that have been logged.
What information is it worth extracting in your opinion, apart from ssh related lines?
Regards.
- 12-11-2009 #2
IPTABLES and failed logins would be some that I would look for.
- 12-12-2009 #3 (Just Joined!; Join Date: Nov 2009; Posts: 29)
Ok, thanks for the answer.
What does data related to iptables and failed logins look like in syslog lines?
- 12-12-2009 #4
For IPTABLES it would be whatever you designed IPTABLES to log. For failed logins you can attempt to login as another user and enter the wrong password. Then check messages to see what it looks like.
- 01-13-2010 #5 (Just Joined!; Join Date: Nov 2009; Posts: 29)
I did try to log in with a wrong password, but nothing was logged in var/log/syslog.
Isn't there any site where I can see all the types of messages that can be sent for a specific matter, for example, let's say system authentication successes / failures?
In order to parse syslog properly, I need to see all the different messages that can be sent.
I'm just a beginner and I'd like to do it myself, for training purposes.
- 01-13-2010 #6
Well, failed logins would most likely be sent to the secure log file while iptables would most likely be sent to messages.
As to a web page, have you used GOOGLE and searched?
- 01-13-2010 #7 (Just Joined!; Join Date: Nov 2009; Posts: 29)
Thanks for your answer, but I'm sorry, I didn't fully understand it. What do the secure log file and messages refer to, and where do I find them on my computer?
Yeah, I've used Google quite a lot, and I only found applications that are too complex for me to understand their source code.
I'd just like to know where I can find information about all the different syslog messages that can be displayed for one specific topic (I don't mind which), so that I can parse it correctly.
- 01-14-2010 #8
All log files should be in /var/log. As to finding more information GOOGLE is your friend.
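The kind of parser the thread is asking about, as an added example that is not code from any poster: a small Python script that reads classic BSD-style syslog lines, pulls out sshd login failures/successes and iptables packet logs, and counts failures per source address. The log lines, the `IPT-DROP:` prefix and all addresses are constructed sample values; the message formats assumed are the common sshd "Failed password ... from ... port ..." / "Accepted ... for ... from ..." lines and the kernel `IN=... OUT=... SRC=... DST=... PROTO=... DPT=...` key=value layout produced by an iptables LOG rule.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread); 203.0.113.x / 198.51.100.x are documentation ranges.
SAMPLE_LOG = """\
Jan 13 10:02:11 host sshd[2310]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Jan 13 10:02:14 host sshd[2310]: Failed password for root from 203.0.113.5 port 51023 ssh2
Jan 13 10:02:20 host sshd[2315]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2
Jan 13 10:03:01 host kernel: [12345.678] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51030 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 13 10:03:05 host cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "Mon DD HH:MM:SS host program[pid]: message" -- the pid in brackets is optional (kernel lines have none).
HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
SSH_OK = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+")
IPT_KV = re.compile(r"\b(?P<k>[A-Z]+)=(?P<v>\S*)")  # iptables LOG fields are KEY=value tokens

def parse_line(line):
    """Return a dict describing a security-relevant event, or None for lines we do not care about."""
    m = HEADER.match(line)
    if not m:
        return None
    prog, msg = m.group("prog"), m.group("msg")
    if prog == "sshd":
        f = SSH_FAIL.search(msg)
        if f:
            return {"type": "ssh_fail", "user": f["user"], "src": f["src"]}
        ok = SSH_OK.search(msg)
        if ok:
            return {"type": "ssh_ok", "user": ok["user"], "src": ok["src"]}
    elif prog == "kernel" and "IN=" in msg:
        kv = {k: v for k, v in IPT_KV.findall(msg)}
        return {"type": "iptables", "src": kv.get("SRC"), "dst": kv.get("DST"),
                "proto": kv.get("PROTO"), "dpt": kv.get("DPT")}
    return None  # cron and other programs are noise for this purpose

def summarize(text):
    """Parse every line; return the events, a count per event type, and SSH failures per source address."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    by_type = Counter(e["type"] for e in events)
    fails_by_src = Counter(e["src"] for e in events if e["type"] == "ssh_fail")
    return events, by_type, fails_by_src

if __name__ == "__main__":
    events, by_type, fails = summarize(SAMPLE_LOG)
    for e in events:
        print(e)
    print(dict(by_type), dict(fails))
```

Real systems vary: which file the lines land in (/var/log/syslog, /var/log/auth.log or /var/log/secure) depends on the distribution's syslog configuration, so point the script at the file that actually receives sshd and kernel messages on your machine.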