Five Indicators To Watch For On Your Networks

First, companies need to monitor the right logs, including data from firewalls, virtual private networking (VPN) appliances, Web proxies and DNS servers. Next, the security team must collect data on what “normal” looks like inside the company’s network. Third, analysts must identify the indicators of attacks in their log files. Finally, the security group must have a procedure for responding to incidents identified by log analysis.

via Five Indicators To Watch For On Your Networks — Dark Reading.
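The second and third steps above (baseline what "normal" looks like, then look for indicators in the logs) are easier to picture in code. The script below is an added example, not code from the Dark Reading piece: it builds a baseline of unique domains queried per client from one window of DNS logs, then flags clients in a later window that exceed that baseline by three sigma, plus individual queries whose leftmost label looks random (high Shannon entropy), a common DGA / C2 indicator. The log format, the thresholds and every log line are constructed for the example.

```python
import math
import statistics
from collections import Counter, defaultdict

# Constructed DNS query logs, one query per line: "<epoch> <client-ip> <qname>".
# Made-up records for this example, not data from the article.
BASELINE_LOG = """\
1000 10.0.0.5 www.example.com
1001 10.0.0.5 mail.example.com
1002 10.0.0.5 api.example.net
1003 10.0.0.6 www.example.com
1004 10.0.0.6 cdn.example.net
1005 10.0.0.7 www.example.com
1006 10.0.0.7 login.example.com
1007 10.0.0.7 cdn.example.net
1008 10.0.0.7 www.example.org
"""

WINDOW_LOG = """\
2000 10.0.0.5 www.example.com
2001 10.0.0.5 mail.example.com
2002 10.0.0.6 www.example.com
2003 10.0.0.8 a9f3c2e17b4d.evil-c2.example
2004 10.0.0.8 7e21bd90a3f5.evil-c2.example
2005 10.0.0.8 b4d1c0e9a735.evil-c2.example
2006 10.0.0.8 0123456789ab.evil-c2.example
2007 10.0.0.8 fedcba987654.evil-c2.example
2008 10.0.0.8 5a7e9c1b3d0f.evil-c2.example
2009 10.0.0.8 1f2e3d4c5b6a.evil-c2.example
2010 10.0.0.7 www.example.com
"""

ENTROPY_BITS = 3.0   # heuristic cut-off for a "random-looking" hostname label
MIN_LABEL_LEN = 10   # short labels have too few symbols for entropy to mean much
SIGMAS = 3.0         # volume rule: flag clients above baseline mean + 3 sigma


def parse(log):
    """Yield (client, qname) pairs; malformed lines are skipped, not fatal."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, client, qname = parts
        yield client, qname.lower().rstrip(".")


def unique_domains_per_client(log):
    seen = defaultdict(set)
    for client, qname in parse(log):
        seen[client].add(qname)
    return {client: len(names) for client, names in seen.items()}


def baseline_threshold(baseline_log):
    """Unique-domain count above which a client is considered abnormal."""
    counts = list(unique_domains_per_client(baseline_log).values())
    mean = statistics.mean(counts)
    sd = statistics.pstdev(counts) if len(counts) > 1 else 0.0
    # Floor the deviation so a small, uniform baseline does not flag everything.
    return mean + SIGMAS * max(sd, 1.0)


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    total = len(s)
    return -sum((n / total) * math.log2(n / total) for n in Counter(s).values())


def detect(baseline_log, window_log):
    """Return {'volume': [client, ...], 'entropy': [(client, qname), ...]}."""
    threshold = baseline_threshold(baseline_log)
    volume = sorted(client for client, n in unique_domains_per_client(window_log).items()
                    if n > threshold)
    entropy = []
    for client, qname in parse(window_log):
        label = qname.split(".")[0]
        if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) > ENTROPY_BITS:
            entropy.append((client, qname))
    return {"volume": volume, "entropy": entropy}


if __name__ == "__main__":
    findings = detect(BASELINE_LOG, WINDOW_LOG)
    for client in findings["volume"]:
        print(f"VOLUME   {client}: more unique domains than the baseline allows")
    for client, qname in findings["entropy"]:
        print(f"ENTROPY  {client}: {qname}")
```

Both rules are deliberately simple heuristics: the volume rule depends entirely on how representative the baseline window is, and the entropy rule will fire on legitimate CDN or cloud hostnames unless you allow-list them, which is where the fourth step (a response procedure that includes triage) comes in.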

“Killer Joe” Sues VPN-Using BitTorrent Pirates

The film in question grossed disappointing box office earnings, but these fresh lawsuits offer new revenue potential.

via “Killer Joe” Sues VPN-Using BitTorrent Pirates | TorrentFreak.

TorrentFreak asked both Leaseweb and SpotFlux what kind of information they will be able to share when the subpoena comes in, but we have yet to receive a response. In its privacy policy Spotflux explains that it will comply with court orders, but that the company keeps logs to a minimum.

This might be the first attempt to go after a VPN provider. If they rotated their logs properly, there shouldn’t be any information to give or hide.

Red Hat’s Linux changes: Fixes or ISV positioning?

But Rainer Gerhards, the lead developer for the rsyslog tool, has now had a chance to analyze Poettering’s and Sievers’ paper in detail and says that the similarities to the Windows Event Log are actually a good thing, since there are aspects of the Windows Event Log tool that would actually be useful in.

But, Gerhards argues, such a drastic change in the way Linux handles system event logging may not be necessary, given that Gerhards’ rsyslog tool, as well as functionality in the competing syslog-ng tool, already can address many of the problems Sievers and Poettering have addressed.

via Red Hat’s Linux changes: Fixes or ISV positioning? | ITworld.

Force iptables to log messages to a different log file

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.

By default, iptables logs messages to the /var/log/messages file. However, you can change this location. I will show you how to create a new logfile called /var/log/iptables.log. Changing or using a new file allows you to create better statistics and/or allows you to analyze the attacks.

Via Force iptables to log messages to a different log file.
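The split works because the LOG target tags every line with a fixed prefix and rsyslog can filter on it. As an added example (mine, not the linked how-to’s), the script below assumes the rule was given `--log-prefix "iptables: "` (trailing space included, so the prefix does not fuse with `IN=`) and that rsyslog routes on it with the legacy property filter `:msg, startswith, "iptables: " -/var/log/iptables.log` followed by `& stop` (older versions use `& ~`). It emulates that filter over constructed syslog lines, parses the Netfilter `KEY=VALUE` fields, and produces the kind of statistics the article mentions. The log lines and addresses are made up.

```python
import re
from collections import Counter

# Producing rule (Netfilter LOG target), for reference:
#   iptables -A INPUT -m conntrack --ctstate NEW -j LOG --log-prefix "iptables: " --log-level 4
# Assumed rsyslog filter, e.g. in /etc/rsyslog.d/10-iptables.conf:
#   :msg, startswith, "iptables: " -/var/log/iptables.log
#   & stop
LOG_PREFIX = "iptables: "

# Constructed lines as they would land in /var/log/messages before the split
# (made up for this example; addresses are from documentation ranges).
SAMPLE_LINES = [
    "Mar  5 12:00:01 gw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40512 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "Mar  5 12:00:02 gw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40513 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "Mar  5 12:00:03 gw kernel: iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40514 DPT=445 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    # UDP lines carry a second LEN= (the UDP length); the parser keeps the last one.
    "Mar  5 12:00:04 gw kernel: iptables: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 "
    "LEN=73 TOS=0x00 PREC=0x00 TTL=61 ID=4242 PROTO=UDP SPT=53211 DPT=53 LEN=53",
    "Mar  5 12:00:05 gw sshd[1234]: Accepted publickey for alice from 192.0.2.44 port 51022 ssh2",
    "Mar  5 12:00:06 gw kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd",
]

KV_RE = re.compile(r"([A-Z]+)=(\S*)")


def route(lines, prefix=LOG_PREFIX):
    """Emulate the rsyslog 'msg startswith prefix' filter.

    Returns (iptables_lines, other_lines); the first list is what would reach
    /var/log/iptables.log, the second what stays in /var/log/messages.
    """
    matched, rest = [], []
    for line in lines:
        # For kernel-sourced lines the syslog message body follows "kernel: ".
        _, sep, msg = line.partition("kernel: ")
        if sep and msg.startswith(prefix):
            matched.append(line)
        else:
            rest.append(line)
    return matched, rest


def parse_iptables_line(line):
    """Extract the KEY=VALUE fields of one Netfilter LOG line into a dict."""
    _, _, msg = line.partition(LOG_PREFIX)
    fields = dict(KV_RE.findall(msg))
    # Bare tokens such as DF, SYN, ACK are flags, not KEY=VALUE pairs.
    fields["FLAGS"] = [tok for tok in msg.split() if "=" not in tok]
    return fields


def summarize(lines, top=3):
    """Top talkers and most-hit destination ports in the routed lines."""
    sources, ports = Counter(), Counter()
    for line in lines:
        f = parse_iptables_line(line)
        sources[f.get("SRC", "?")] += 1
        if f.get("PROTO") in ("TCP", "UDP"):
            ports[(f["PROTO"], f.get("DPT", "?"))] += 1
    return {"top_sources": sources.most_common(top),
            "top_ports": ports.most_common(top)}


if __name__ == "__main__":
    fw_lines, other = route(SAMPLE_LINES)
    print(f"{len(fw_lines)} lines -> /var/log/iptables.log, {len(other)} stay in messages")
    stats = summarize(fw_lines)
    for src, n in stats["top_sources"]:
        print(f"{n:4d}  {src}")
    for (proto, dpt), n in stats["top_ports"]:
        print(f"{n:4d}  {proto}/{dpt}")
```

Two checks worth doing after applying the real config: run `logger -p kern.warning "iptables: test"` and confirm the line appears only in /var/log/iptables.log, and give the new file its own logrotate stanza, since a scanned host can emit thousands of LOG lines per minute.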