Re: How can I get an alert if someone views or changes syslog.
From: bostontechgroup (support_at_bostontechgroup.com)
Date: 12/17/04
- Previous message: Chris Mattern: "Re: Newbie question on using SSH and FTP"
- In reply to: Liam: "How can I get an alert if someone views or changes syslog."
- Next in thread: Jose Maria Lopez Hernandez: "Re: How can I get an alert if someone views or changes syslog."
Date: 17 Dec 2004 08:59:49 -0800
Aside from tightening permissions on critical files like this, you
could try using something like swatch. Swatch is a handy tool that
monitors log files for keywords or triggers and alerts you via email or
pager.
Another technique commonly used is to centralize all of your syslogs to
a central very tightly secured log server. This way as each one of
your clients logs an event it sends it to the central log server which
no one has access to. You could also keep a copy of the local syslogs
on each client to compare in the event you feel you have been
compromised.
Hope that helps.
-- Boston Technology Group http://www.bostontechgroup.com
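The local-versus-central comparison suggested in the message above, as an added example that is not part of the original post. It assumes both copies use the classic "Mon DD HH:MM:SS host message" syslog line format; the function names, host names and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Classic BSD syslog line: "Mon DD HH:MM:SS host message" (assumed format)
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Constructed sample data: the client copy has lost one entry and had one altered.
SAMPLE_LOCAL = [
    "Dec 17 08:58:01 web1 sshd[411]: Accepted password for liam from 192.0.2.10",
    "Dec 17 09:01:03 web1 su: session opened for user root by liam",
]
SAMPLE_CENTRAL = [
    "Dec 17 08:58:01 web1 sshd[411]: Accepted password for liam from 192.0.2.10",
    "Dec 17 08:59:12 web1 sshd[420]: Failed password for root from 192.0.2.77",
    "Dec 17 08:59:30 db1 cron[88]: job started",
    "Dec 17 09:01:03 web1 su: session opened for user root by nobody",
]

def parse(lines, host):
    """Count (timestamp, message) entries logged by `host`; other hosts are skipped."""
    entries = Counter()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m and m.group(2) == host:
            entries[(m.group(1), m.group(3))] += 1
    return entries

def compare(local_lines, central_lines, host):
    """Return (entries only on the log server, entries only on the client).

    Counters are used so that repeated identical lines are compared by count.
    Server-only entries were removed or changed on the client. Client-only
    entries were changed or inserted there, or never reached the server
    (traditional syslog forwarding over UDP can drop messages).
    """
    local = parse(local_lines, host)
    central = parse(central_lines, host)
    return (sorted((central - local).elements()),
            sorted((local - central).elements()))

if __name__ == "__main__":
    missing, extra = compare(SAMPLE_LOCAL, SAMPLE_CENTRAL, "web1")
    for ts, msg in missing:
        print("on log server only:", ts, msg)
    for ts, msg in extra:
        print("on client only:   ", ts, msg)
```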