> From owner-ids@wyrm.its.uow.edu.au Mon Jan 6 22:09:19 1997
> X-Authentication-Warning: wyrm.its.uow.edu.au: majordom set sender to owner-ids using -f
> To: ids@uow.edu.au
> Subject: Re: Remote Logging
> X-Uri: http://www.cs.purdue.edu/people/spaf
> Date: Sun, 08 Dec 1996 19:47:34 -0500
> From: spaf@cs.purdue.edu (Gene Spafford)
> Sender: owner-ids@uow.edu.au
> Reply-To: ids@uow.edu.au
> Content-Length: 1174
>
> [ Moderator Note: This message was previously truncated - due to a period `.'
> incorrectly placed at the beginning of a line. Computer Risks B) ]
>
> > I caught some of the conversation on audit trails and the likes, and wanted
> > to know if anyone knows any FAQs, web pages, or books, etc., that explain a
> > bit on how one could have local log files, and also log the same info
> > remotely, making it a great deal harder for an intruder to erase his presence.
> >
>
> Chapter 10 of "Practical Unix & Internet Security" (O'Reilly &
> Associates, 1996) contains a fairly full description of the various
> log files on most versions of Unix, and about methods of replicating
> logs to a printer or remotely.
>
> The rest of the book also provides an in-depth treatment of about
> 9/10s of the material that seems to get discussed again and again in
> these mailing lists. A lot of things could be answered if people
> would simply read their manuals or read the book.
>
> Of course, I am a bit biased -- I did spend almost a year helping to
> write the book. :-)
>
> It makes a great Christmas stocking stuffer (if you have big
> stockings). See <http://www.ora.com/item/pus2.html> for more details.
>
> --spaf
>

Are you trying to say RTFM?!

Well anyway ... there is an article in Sys Admin MAG ... ( Dec 1996 ) on syslog.conf that is good ....