#17: Logging and Auditing

You need to configure logging and auditing to collect all hacking and cracking attempts. By default, syslog stores data in the /var/log/ directory. Logs are also useful for finding software misconfigurations that may open your system to various attacks. See the following logging-related articles:

- Linux log file locations.
- How to send logs to a remote loghost.
- How do I rotate log files?
- man pages syslogd, syslog.conf and logrotate.

#17.1: Monitor Suspicious Log Messages With Logwatch / Logcheck

Read your logs using logwatch or logcheck. These tools make your log reading life easier. You get detailed reporting on unusual items in syslog via email. A sample syslog report:

 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Fri Oct 30 04:02:03 2009
        Date Range Processed: yesterday
                              ( 2009-Oct-29 )
                              Period is day.
      Detail Level of Output: 0
No matter how sophisticated the technology is, it still takes people!
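To illustrate the kind of daily digest described in #17.1, here is an added Python example (not part of the original text and not Logwatch's or Logcheck's own code) that counts failed SSH and sudo authentications for one day. The log lines are constructed samples in the usual OpenSSH and pam_unix message formats; the function name `summarize` and the threshold of 3 are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample lines in traditional syslog format (not real log data).
SAMPLE_LOG = """\
Oct 29 03:11:02 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct 29 03:11:05 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct 29 03:11:09 web1 sshd[2104]: Failed password for invalid user oracle from 192.0.2.10 port 40031 ssh2
Oct 29 08:15:44 web1 sshd[2290]: Accepted publickey for alice from 198.51.100.7 port 51514 ssh2
Oct 29 09:02:13 web1 sshd[2333]: Failed password for alice from 198.51.100.7 port 51600 ssh2
Oct 29 11:47:30 web1 sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/0 ruser=bob rhost=  user=bob
Oct 30 00:00:01 web1 sshd[2501]: Failed password for root from 203.0.113.5 port 33000 ssh2
"""

FAILED_SSH = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
# \buser= skips "ruser=" and captures the account sudo was authenticating.
SUDO_FAIL = re.compile(
    r"sudo: pam_unix\(sudo:auth\): authentication failure;.*\buser=(\S+)")

def summarize(log_text, day, threshold=3):
    """Digest failed logins for `day`, given as the syslog date prefix
    (e.g. 'Oct 29'; single-digit days are padded, e.g. 'Oct  9')."""
    per_ip, invalid_users, sudo_failures = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if not line.startswith(day + " "):
            continue  # outside the reporting period
        m = FAILED_SSH.search(line)
        if m:
            per_ip[m.group(3)] += 1
            if m.group(1):  # login name does not exist on the host
                invalid_users[m.group(2)] += 1
            continue
        m = SUDO_FAIL.search(line)
        if m:
            sudo_failures[m.group(1)] += 1
    return {
        "failed_ssh_by_ip": dict(per_ip),
        "invalid_users": dict(invalid_users),
        "sudo_failures": dict(sudo_failures),
        # Sources at or above the threshold deserve a closer look.
        "flagged_ips": sorted(ip for ip, n in per_ip.items() if n >= threshold),
    }

if __name__ == "__main__":
    for section, data in summarize(SAMPLE_LOG, "Oct 29").items():
        print(f"{section}: {data}")
```

On a real host the same function can be fed the contents of the authentication log under /var/log/ (the file name varies by distribution) from a daily cron job.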