Logging

Logging

[Chris Rose]

Can anyone on the list suggest some tools for log reading?  i'm trying to 
audit my ftp server (proftpd) and i have no idea how to configure its 
logging, nor how best to view what it puts out.  i have Webmin, but the 
logging interface in there is pretty unclear to someone who's got nothing 
to start from, knowledge-wise.


Chris Rose
==========
1952 - 2001 = 42


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Logging

[Richard Adams]

On Wednesday 10 April 2002 05:46, Chris Rose wrote:
> Can anyone on the list suggest some tools for log reading?  i'm trying to
> audit my ftp server (proftpd) and i have no idea how to configure its
> logging, nor how best to view what it puts out.  i have Webmin, but the
> logging interface in there is pretty unclear to someone who's got nothing
> to start from, knowledge-wise.

Why would one want to ue a fancy program to read a simple text file, the 
program less allows the use of a search engine, hit the '/' key and a slash 
will appier at the bottom left of the screen, type a word to look for, then 
hit enter, to repeat hit the slash again and press enter or simply hit the 
space bar, the found word is highlighted.

>
> Chris Rose
> ==========
> 1952 - 2001 = 42

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Logging

[Chris Rose]

At 06:08 AM 10/04/2002 +0000, Richard Adams wrote:
>On Wednesday 10 April 2002 05:46, Chris Rose wrote:
> > Can anyone on the list suggest some tools for log reading?  i'm trying to
> > audit my ftp server (proftpd) and i have no idea how to configure its
> > logging, nor how best to view what it puts out.  i have Webmin, but the
> > logging interface in there is pretty unclear to someone who's got nothing
> > to start from, knowledge-wise.
>
>Why would one want to ue a fancy program to read a simple text file, the
>program less allows the use of a search engine, hit the '/' key and a slash
>will appier at the bottom left of the screen, type a word to look for, then
>hit enter, to repeat hit the slash again and press enter or simply hit the
>space bar, the found word is highlighted.

i think you're missing the point - what i'm looking for is not, per se, the 
mechanism used to read the log, so much as i'm looking for the means to 
make sense of what i'm seeing, and also which log files/settings of the 
daemon will provide me with stats on uploads/downloads from my ftp site.


Chris Rose
==========
1952 - 2001 = 42


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Logging

[Richard Adams]

On Wednesday 10 April 2002 06:36, Chris Rose wrote:

> >Why would one want to ue a fancy program to read a simple text file, the
> >program less allows the use of a search engine, hit the '/' key and a
> > slash will appier at the bottom left of the screen, type a word to look
> > for, then hit enter, to repeat hit the slash again and press enter or
> > simply hit the space bar, the found word is highlighted.
>
> i think you're missing the point - what i'm looking for is not, per se, the
> mechanism used to read the log, so much as i'm looking for the means to
> make sense of what i'm seeing, and also which log files/settings of the
> daemon will provide me with stats on uploads/downloads from my ftp site.

I dont think i am, i meant what i said, what i can tell you futher is that 
proftp.log does not really reveal much infomation at all, its "xferlog" in 
/var/log that tells all, 'man xferlog' will explain all there is to be known.

Just in case you may read my mail as being prudent here is what profftp log 
shows.
Aug 05 15:16:02 unix.pa3gcu proftpd[3839]

Date and time i am sure we all now what that is, unix.pa3gcu = the server 
name, proftpd[389] is the process number as would be shown by 'ps ax' when 
the connection was presant. Further on the same line in the log one would see;

unix.pa3gcu.ampr.org (192.168.1.160[192.168.1.160]): USER pa3gcu: Login 
successful

unix.pa3gcu.ampr.org is the fullservername (192.168.1.160[192.168.1.160]): is 
the IP# of the remote computer who just opened the ftp connect,
USER: pa3gcu = the user who logged in, that could be ftp or guest when 
anoymous is used, Login succesful means a valid passwd was used.
Any discrepancy's would be logged as well as the last entry on the line.
No more info is given, you now would refer to xferlog to get details of what 
was done in that connection.
See 'man xferlog' to get all the details on those entries.

I trust i have not missed the point in your eyes this time...

>
>
> Chris Rose
> ==========
> 1952 - 2001 = 42

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Compaq Armada 100S

[DFW II]

I just inherited a Compaq Armada 100S laptop computer and am thinking about 
installing Linux on the machine... Any recommendations for a distribution?

At 06:23 PM 4/10/02 +0000, Richard Adams wrote:
>On Wednesday 10 April 2002 06:36, Chris Rose wrote:
>
> > >Why would one want to ue a fancy program to read a simple text file, the
> > >program less allows the use of a search engine, hit the '/' key and a
> > > slash will appier at the bottom left of the screen, type a word to look
> > > for, then hit enter, to repeat hit the slash again and press enter or
> > > simply hit the space bar, the found word is highlighted.
> >
> > i think you're missing the point - what i'm looking for is not, per se, the
> > mechanism used to read the log, so much as i'm looking for the means to
> > make sense of what i'm seeing, and also which log files/settings of the
> > daemon will provide me with stats on uploads/downloads from my ftp site.
>
>I dont think i am, i meant what i said, what i can tell you futher is that
>proftp.log does not really reveal much infomation at all, its "xferlog" in
>/var/log that tells all, 'man xferlog' will explain all there is to be known.
>
>Just in case you may read my mail as being prudent here is what profftp log
>shows.
>Aug 05 15:16:02 unix.pa3gcu proftpd[3839]
>
>Date and time i am sure we all now what that is, unix.pa3gcu = the server
>name, proftpd[389] is the process number as would be shown by 'ps ax' when
>the connection was presant. Further on the same line in the log one would see;
>
>unix.pa3gcu.ampr.org (192.168.1.160[192.168.1.160]): USER pa3gcu: Login
>successful
>
>unix.pa3gcu.ampr.org is the fullservername (192.168.1.160[192.168.1.160]): is
>the IP# of the remote computer who just opened the ftp connect,
>USER: pa3gcu = the user who logged in, that could be ftp or guest when
>anoymous is used, Login succesful means a valid passwd was used.
>Any discrepancy's would be logged as well as the last entry on the line.
>No more info is given, you now would refer to xferlog to get details of what
>was done in that connection.
>See 'man xferlog' to get all the details on those entries.
>
>I trust i have not missed the point in your eyes this time...
>
> >
> >
> > Chris Rose
> > ==========
> > 1952 - 2001 = 42
>
>--
>Regards Richard
>pa3gcu@zeelandnet.nl
>http://people.zeelandnet.nl/pa3gcu/
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>Please read the FAQ at http://www.linux-learn.org/faqs

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Compaq Armada 100S

[Brian Jung Myeng Lee]

Hello.

Hmm.. This could be a war between what distro's the best. =)
In my opinion, if you are a newbie, get Mandrake or RedHat then swtich
over to Slackware or Debian as soon as possible. (That is when you know
how to manage/run/fix stuff) I started with RH then switched to Slack,
then LFS. But I think it doesn't take a lot to learn those 'hard' distros.
They are all Linux (This is the word, but...) anyway.

Bye bye.

On Fri, 12 Apr 2002, DFW II wrote:

> I just inherited a Compaq Armada 100S laptop computer and am thinking about
> installing Linux on the machine... Any recommendations for a distribution?

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Compaq Armada 100S

[DFW II]

The only problem I can see is that it has a winmodem built into it.... May 
have to get a combo card for it.  Thanks for the opinions on the topic.

At 12:04 PM 4/12/02 -0400, Brian Jung Myeng Lee wrote:
>Hello.
>
>Hmm.. This could be a war between what distro's the best. =)
>In my opinion, if you are a newbie, get Mandrake or RedHat then swtich
>over to Slackware or Debian as soon as possible. (That is when you know
>how to manage/run/fix stuff) I started with RH then switched to Slack,
>then LFS. But I think it doesn't take a lot to learn those 'hard' distros.
>They are all Linux (This is the word, but...) anyway.
>
>Bye bye.
>
>On Fri, 12 Apr 2002, DFW II wrote:
>
> > I just inherited a Compaq Armada 100S laptop computer and am thinking about
> > installing Linux on the machine... Any recommendations for a distribution?

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Compaq Armada 100S

[Richard Adams]

On Sunday 14 April 2002 20:18, DFW II wrote:
> The only problem I can see is that it has a winmodem built into it.... May
> have to get a combo card for it.  Thanks for the opinions on the topic.

It may not be such a problem, my Armada E500 also has a winmodem in it, but 
there is a linux driver for my modem and i must say it works well.

You may want to look at the following sites for info on your make and type of 
modem.
http://linmodems.technion.ac.il/
http://www.idir.net/~gromitkc/winmodem.html

If its a lucent chip moden then you have a very good chance indeed.

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

logging

[John T. Williams]

I was wondering if there is a good method for logging all attempts to
connect to a port on my computer.  Basically, I was looking for
something that logged the port and ip and the destination port of
attempted connections.

I'm running Mandrake 9.1




-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: logging

[caszonyi]

On Tue, 29 Dec 2003, John T. Williams wrote:

> I was wondering if there is a good method for logging all attempts to
> connect to a port on my computer.  Basically, I was looking for
> something that logged the port and ip and the destination port of
> attempted connections.
>
> I'm running Mandrake 9.1
>

iptables has a logging option but I can't tell you more.
http://lartc.org and look for HOWTO on that page

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: logging

[Ray Olszewski]

At 05:43 PM 12/29/2003 -0500, John T. Williams wrote:
>I was wondering if there is a good method for logging all attempts to
>connect to a port on my computer.  Basically, I was looking for
>something that logged the port and ip and the destination port of
>attempted connections.
>
>I'm running Mandrake 9.1

Presumably a 2.4.x kernel then.

iptables itself (the kernel's built-in firewalling) will do this; LOG is a 
predefined target that does not terminate (in the way that ACCEPT, REJECT, 
and DENY do) but does log each matching packet before passing it on to the 
next rule in the chain.

The man page for iptables will at least get you started. If you need help 
with specifics after reading it, don't hesitate to ask here.





-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs