Date: Fri, 31 Jul 1998 13:14:27 +0100
From: Þórður Ívarsson
Reply-To: thivars@est.is
To: "security@FreeBSD.ORG"
Subject: Where are your logs? Methods of logging?
Message-ID: <35C1B523.FA05E6AC@est.is>

I notice here on the list that many of us get break-ins and there are no logs available afterwards. After a break-in to one of our systems I installed a system on an old but reliable computer and with plenty of disk space for logs. All services not needed are disabled and a firewall denies everything but incoming logging packets. Now I log everything from every system to that computer, back up the logs every day, and trace them. Is this something that might help us to trace the problems or is this just extra trouble?

Þórður Ívarsson
thivars@est.is
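
One way to configure the dedicated log host described in this message, as an added example that is not part of the original post. The addresses 192.0.2.10 (log host) and 192.0.2.0/24 (client network) and the path /etc/ipfw.rules are assumptions, and the syntax is that of a current FreeBSD syslogd and ipfw.

```conf
# --- On every client: /etc/syslog.conf ---------------------------------
# Forward a copy of every facility and level to the log host (assumed
# address). Keep the existing local rules so logs also stay on the client.
*.*                                             @192.0.2.10

# --- On the log host: /etc/rc.conf --------------------------------------
# Accept remote syslog only from the assumed client network. Without -a,
# FreeBSD syslogd discards datagrams from other hosts.
syslogd_enable="YES"
syslogd_flags="-a 192.0.2.0/24"
# No other network services: the log host is administered from the console.
sshd_enable="NO"
inetd_enable="NO"
sendmail_enable="NONE"
# Load the packet filter rules below at boot.
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"

# --- On the log host: /etc/ipfw.rules (run by /bin/sh) ------------------
ipfw -q -f flush
# Loopback traffic is needed by local daemons.
ipfw -q add 100 allow ip from any to any via lo0
# The only packets accepted from the network: syslog (UDP 514) from clients.
ipfw -q add 200 allow udp from 192.0.2.0/24 to me 514 in
# Everything else, inbound and outbound, is dropped and recorded.
ipfw -q add 65000 deny log ip from any to any

# Note: UDP syslog carries no authentication, so the source-address filter
# above is the only check on who may write to these logs.
```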