From: "Tiwari, Abhinav"
To: freebsd-questions@FreeBSD.ORG
Subject: audit trail
Date: Mon, 26 Aug 2002 03:39:47 -0700
Message-ID: <12B638FEE763F74696D8544752E72048018F2B6D@bgsmsx101.iind.intel.com>

What files are responsible for holding the interesting entries for analysis, if a network admin desires to monitor the system logs from a security attack/intrusion perspective?

If many system files can hint at or show any unauthorized attempts made on the application server, what correlation logic can help to effectively isolate any real attack or attempt on a BSD Unix server which is used to host some application, say DNS or proxy service, etc.?

regds
abhi