[logs] DMZ proxy system logs -- your suggestions

From: abhinav tiwari (abhinav_tiwariat_private)
Date: Tue Sep 24 2002 - 08:18:25 PDT

    For a DMZ proxy server with BSD, I want to trace intrusion attempts by
    internet hackers by scanning the log files. I hope someone here will be able
    to guide me on what entries or patterns to look for in files like ...
    
    /var/log/messages
    /var/log/secure
    /var/log/ftp.log
    /var/log/daemon.log
    
    Also, if I have 3 DMZ zones and 2 proxy servers each, should I correlate the
    proxy system logs among the three sites?
    
    I have squid working as proxy, and incoming ftp/telnet is disallowed and already
    configured. Will reading the log files be very important to detect any
    intrusion attempts made by hackers etc.?
    
    Also, do I need to read any files other than the above-mentioned
    files? I know /etc/syslog.conf says where to store the individual logs
    for various daemons etc., but is there any other daemon running which
    copies intrusions etc. somewhere else too?
    
    thanks
    abhinav
    
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
    



    This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 09:43:56 PDT