[logs] DMZ proxy system logs

From: abhinav tiwari (abhinav_tiwariat_private)
Date: Fri Sep 20 2002 - 07:00:18 PDT


    For a DMZ proxy server with BSD, I want to trace intrusion attempts by 
    internet hackers, scanning the log files. I hope someone here will be able 
    to guide what entries or patterns to look for in the files like ...
    
    /var/log/messages
    /var/log/secure
    /var/log/ftp.log
    /var/log/daemon.log
    
    Also, if I have 3 DMZ zones and 2 proxy servers each, should I correlate the 
    proxy system logs among the three sites?
    
    I have Squid working as proxy and incoming FTP/Telnet disallowed and already 
    configured. Will the log file reading be very important to detect any 
    intrusion attempts made by hackers etc.?
    
    Also, do I need to read any other file other than the above mentioned 
    files? I know the /etc/syslog.conf says where to store the individual logs 
    for various daemons etc., but is there any other daemon running which 
    copies intrusions etc. somewhere else too?
    
    thanks
    abhinav
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Fri Sep 20 2002 - 11:00:20 PDT