For DMZ proxy server with BSD , i want to trace intrusion attempts by internet hacker , scanning the log files. I hope someone here will be able to guide what enteries or patterns to look for in the files like ... /var/log/messages /var/log/secure /var/log/ftp.log /var/log/daemon.log Also if i have 3 dmz zones and 2 proxy servers each , shud i correlate the proxy system logs among the three sites..? I have squid working as proxy and incoming ftp/telnet disallowed and already configured. Will the log file reading be very important to detect any intrusion attempts made by hackers etc...? Also do i need to read any other file other than the above mentioned files..? I know the /etc/syslog.conf says where to store the individual logs for various damenmons etc..but is there any other daemon running which copies intrusions etc somewhere else too..? thanks abhinav _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Sep 20 2002 - 11:00:20 PDT