|
Lines 130-135
Link Here
|
| 130 |
</pre> |
130 |
</pre> |
| 131 |
|
131 |
|
| 132 |
<p> |
132 |
<p> |
|
|
133 |
You also have to tell <c>logcheck</c> which log files to scan |
| 134 |
(<path>/etc/logcheck/logcheck.logfiles</path>). |
| 135 |
</p> |
| 136 |
|
| 137 |
<pre caption="Basic /etc/logcheck/logcheck.logfiles setup"> |
| 138 |
<comment>(This is an example for syslog-ng)</comment> |
| 139 |
/var/log/messages |
| 140 |
</pre> |
| 141 |
|
| 142 |
<p> |
| 133 |
Finally, enable the logcheck cron job. |
143 |
Finally, enable the logcheck cron job. |
| 134 |
</p> |
144 |
</p> |
| 135 |
|
145 |
|
|
Lines 161-164
Link Here
|
| 161 |
</body> |
171 |
</body> |
| 162 |
</section> |
172 |
</section> |
| 163 |
</chapter> |
173 |
</chapter> |
|
|
174 |
|
| 175 |
<chapter> |
| 176 |
<title>Troubleshooting</title> |
| 177 |
|
| 178 |
<section> |
| 179 |
<title>General tips</title> |
| 180 |
<body> |
| 181 |
|
| 182 |
<p> |
| 183 |
You can use the logcheck's <c>-d</c> switch to display more debugging |
| 184 |
information. Example: |
| 185 |
</p> |
| 186 |
|
| 187 |
<pre caption="Debugging logcheck"> |
| 188 |
# <i>su -s /bin/bash -c '/usr/sbin/logcheck -d' logcheck</i> |
| 189 |
D: [1281318818] Turning debug mode on |
| 190 |
D: [1281318818] Sourcing - /etc/logcheck/logcheck.conf |
| 191 |
D: [1281318818] Finished getopts c:dhH:l:L:m:opr:RsS:tTuvw |
| 192 |
D: [1281318818] Trying to get lockfile: /var/lock/logcheck/logcheck.lock |
| 193 |
D: [1281318818] Running lockfile-touch /var/lock/logcheck/logcheck.lock |
| 194 |
D: [1281318818] cleanrules: /etc/logcheck/cracking.d/kernel |
| 195 |
... |
| 196 |
D: [1281318818] cleanrules: /etc/logcheck/violations.d/su |
| 197 |
D: [1281318818] cleanrules: /etc/logcheck/violations.d/sudo |
| 198 |
... |
| 199 |
D: [1281318825] logoutput called with file: /var/log/messages |
| 200 |
D: [1281318825] Running /usr/sbin/logtail2 on /var/log/messages |
| 201 |
D: [1281318825] Sorting logs |
| 202 |
D: [1281318825] Setting the Intro |
| 203 |
D: [1281318825] Checking for security alerts |
| 204 |
D: [1281318825] greplogoutput: kernel |
| 205 |
... |
| 206 |
D: [1281318825] greplogoutput: returning 1 |
| 207 |
D: [1281318825] Checking for security events |
| 208 |
... |
| 209 |
D: [1281318825] greplogoutput: su |
| 210 |
D: [1281318825] greplogoutput: Entries in checked |
| 211 |
D: [1281318825] cleanchecked - file: /tmp/logcheck.uIFLqU/violations-ignore/logcheck-su |
| 212 |
D: [1281318825] report: cat'ing - Security Events for su |
| 213 |
... |
| 214 |
D: [1281318835] report: cat'ing - System Events |
| 215 |
D: [1281318835] Setting the footer text |
| 216 |
D: [1281318835] Sending report: 'localhost 2010-08-09 03:53 Security Events' to root |
| 217 |
D: [1281318835] cleanup: Killing lockfile-touch - 17979 |
| 218 |
D: [1281318835] cleanup: Removing lockfile: /var/lock/logcheck/logcheck.lock |
| 219 |
D: [1281318835] cleanup: Removing - /tmp/logcheck.uIFLqU |
| 220 |
</pre> |
| 221 |
|
| 222 |
</body> |
| 223 |
</section> |
| 224 |
|
| 225 |
</chapter> |
| 164 |
</guide> |
226 |
</guide> |
