System Logging

1. /var/log/*

/var/log/dmesg            kernel ring buffer captured at boot
/var/log/messages         general system messages (syslog)
/var/log/maillog          mail subsystem
/var/log/secure           authentication and authpriv messages (login, su, sshd, PAM)
/var/log/audit/audit.log  Linux audit subsystem (auditd); query it with ausearch/aureport rather than grep

#ausearch -ua <user>      (-ua matches uid, euid or auid; -ui, -ul and -ue restrict to one of them. "-uj" is not an ausearch option.)

#ausearch -ua root
time->Tue Jul 21 22:57:12 2009
type=CRED_DISP msg=audit(1248188232.759:78): user pid=11910 uid=0 auid=0 subj=root:system_r:initrc_t:s0 msg='PAM: setcred acct="student" : exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
----
time->Tue Jul 21 22:57:12 2009
type=USER_END msg=audit(1248188232.759:79): user pid=11910 uid=0 auid=0 subj=root:system_r:initrc_t:s0 msg='PAM: session close acct="student" : exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
-----(omitted)-----

#aureport                 (summary of the whole audit log; add --login, --auth, -x and so on for the per-area reports)

[root@server1 ~]# aureport

Summary Report
======================
Range of time in logs: 07/06/2009 22:10:14.695 - 07/21/2009 23:01:01.278
Selected time for report: 07/06/2009 22:10:14 - 07/21/2009 23:01:01.278
Number of changes in configuration: 61
Number of changes to accounts, groups, or roles: 5
Number of logins: 34
Number of failed logins: 27
Number of authentications: 178
Number of failed authentications: 21
Number of users: 1
Number of terminals: 15
Number of host names: 5
Number of executables: 15
Number of files: 0
Number of AVC's: 14
Number of MAC events: 78
Number of failed syscalls: 14
Number of anomaly events: 156
Number of responses to anomaly events: 0
Number of crypto events: 0
Number of process IDs: 289
Number of events: 1504
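The ausearch output above is the raw audit.log record layout: a type, an audit(epoch.millis:serial) stamp, a set of key=value fields, and for PAM events a quoted msg='...' sub-message that carries the account, executable, address, terminal and result. The parser below is an added example (not part of the original page and not auditd code) that reads that layout and produces the kind of counters aureport prints (events, failed authentications), plus the per-source failure table you want when "Number of failed logins" looks high. The sample records are constructed for the example: the first two are the lines shown above, the failed USER_AUTH records and the 192.0.2.10 / 198.51.100.7 addresses are made up.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records in the layout shown above; the two records with
# res=failed and the addresses are made up for the example, not a real capture.
SAMPLE_AUDIT_LOG = """\
type=CRED_DISP msg=audit(1248188232.759:78): user pid=11910 uid=0 auid=0 subj=root:system_r:initrc_t:s0 msg='PAM: setcred acct="student" : exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_END msg=audit(1248188232.759:79): user pid=11910 uid=0 auid=0 subj=root:system_r:initrc_t:s0 msg='PAM: session close acct="student" : exe="/sbin/runuser" (hostname=?, addr=?, terminal=pts/2 res=success)'
type=USER_AUTH msg=audit(1248188300.101:80): user pid=11950 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0 msg='PAM: authentication acct="root" : exe="/usr/sbin/sshd" (hostname=?, addr=192.0.2.10, terminal=ssh res=failed)'
type=USER_AUTH msg=audit(1248188301.555:81): user pid=11952 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0 msg='PAM: authentication acct="root" : exe="/usr/sbin/sshd" (hostname=?, addr=192.0.2.10, terminal=ssh res=failed)'
type=USER_LOGIN msg=audit(1248188305.222:82): user pid=11960 uid=0 auid=500 subj=system_u:system_r:sshd_t:s0 msg='acct="student" : exe="/usr/sbin/sshd" (hostname=?, addr=198.51.100.7, terminal=ssh res=success)'
"""

AUID_UNSET = 4294967295  # (unsigned)-1: no login uid assigned yet (daemons, pre-login)

HEADER_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<secs>\d+)\.(?P<millis>\d+):(?P<serial>\d+)\): (?P<body>.*)$"
)
# key=value tokens: a value is a '...' string, a "..." string, or a run of non-blanks
FIELD_RE = re.compile(r"""(\w+)=('[^']*'|"[^"]*"|\S+)""")


def parse_fields(text):
    """Split 'k=v k2="v 2" (k3=v3, k4=v4)' into a dict, stripping the quotes
    and the bracket/comma punctuation the PAM message wraps around its fields."""
    fields = {}
    for key, raw in FIELD_RE.findall(text):
        fields[key] = raw.strip("'\"") if raw[0] in "'\"" else raw.rstrip(",)")
    return fields


def parse_record(line):
    """Parse one audit.log line. Returns None for lines that are not records
    (the 'time->' and '----' separators ausearch adds to its output)."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "type": m.group("type"),
        # audit stamps are epoch seconds; ausearch shows them in local time
        "time": datetime.fromtimestamp(int(m.group("secs")), tz=timezone.utc),
        "serial": int(m.group("serial")),
    }
    outer = parse_fields(m.group("body"))
    inner = parse_fields(outer.pop("msg", ""))  # the quoted PAM sub-message
    rec.update(outer)
    rec.update(inner)  # acct, exe, hostname, addr, terminal, res
    auid = int(rec.get("auid", AUID_UNSET))
    rec["auid"] = "unset" if auid == AUID_UNSET else auid
    return rec


def parse_log(text):
    return [r for r in (parse_record(line) for line in text.splitlines()) if r]


def events_for_uid(records, uid):
    """Like 'ausearch -ua <uid>': records whose uid or login uid (auid) matches."""
    return [r for r in records if uid in (int(r.get("uid", -1)), r["auid"])]


def summarize(records):
    """aureport-style counters plus a per-source table of failed authentications."""
    failed = [r for r in records if r.get("res") == "failed"]
    return {
        "events": len(records),
        "by_type": Counter(r["type"] for r in records),
        "failed_auths": len(failed),
        "failed_by_addr": Counter(r.get("addr", "?") for r in failed),
        "accts": sorted({r["acct"] for r in records if "acct" in r}),
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_AUDIT_LOG)
    s = summarize(recs)
    print(f"{s['events']} events, {s['failed_auths']} failed authentications")
    for addr, n in s["failed_by_addr"].most_common():
        print(f"  {n} failures from {addr}")
    for r in events_for_uid(recs, 0):
        print(r["time"].isoformat(), r["type"], r.get("acct"), r.get("res"))
```

Two details matter when you adapt this to a real audit.log: auid=4294967295 is not a user, it is the "unset" login uid of processes that never went through a login (sshd before authentication, daemons), so never count it as an account; and the PAM sub-message is itself key=value text, which is why it is parsed a second time after the outer fields.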


2. Syslog configuration

/etc/sysconfig/syslog     daemon options (SYSLOGD_OPTIONS, e.g. -r to accept remote messages on UDP 514)
/etc/syslog.conf          selector/action rules: which facility.priority goes to which file, host or user
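The rules that route messages into the files listed in section 1, as an added example of /etc/syslog.conf for sysklogd (the syslog shipped with RHEL/CentOS 5; this fragment is not from the original page). The last line is the one hardening change worth making: a copy of the authentication log on another host, so a local root compromise cannot quietly truncate the only copy. The host name loghost is an assumption.

```conf
# /etc/syslog.conf (sysklogd).  Format: facility.priority   action
# "-" before a file name disables fsync per message (higher throughput, a
# few lines lost on a crash); "*" as the action writes to all logged-in users.
*.info;mail.none;authpriv.none;cron.none        /var/log/messages
authpriv.*                                      /var/log/secure
mail.*                                          -/var/log/maillog
cron.*                                          /var/log/cron
*.emerg                                         *
# Off-box copy of the authentication log (assumed receiving host: loghost).
authpriv.*;auth.*                               @loghost
```

After editing, run service syslog restart and test with logger -p authpriv.notice "test", which should appear in /var/log/secure and on loghost. On the receiving host, sysklogd only listens when SYSLOGD_OPTIONS in /etc/sysconfig/syslog contains -r. Forwarding is plain UDP port 514 with no authentication or encryption, so restrict the port to the sending hosts at the firewall and treat the remote copy as tamper-evident only against attackers who did not also control the network path.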

    aquatower 發表在 痞客邦 留言(0) 人氣()