All Kids like LOG!


Logs are the lifeblood of a server. They show the who, what, when, and where (sorry, you sometimes have to supply the why) of things that are occurring on your devices. It's a real balancing act getting your logging set so that you get enough information but not so much that you drown in it.

Here's a great place to start for understanding how to "tune" your logs:

How does syslog work and how can I increase log level?

Once you've got things how you'd like them to run, you want to manage the files:

How do I rotate log files?

As you get fancier and want additional things sent to your logs, these steps can help you better understand what's going on from a security perspective:

How do I setup logging in the iptables firewall?

Where are the details for 'su' logins logged in Red Hat Enterprise Linux ?

Some of you will be using newer versions of RHEL, where we've changed syslog a bit. Details on that can be found here:

How to migrate from syslog to rsyslog?

Now, you may want all of your logs collected on a centralized logging server. If that's the case, these two guides can help you:

How do I direct logs from all the systems in my network to one centralized server in Red Hat Enterprise Linux?

And then, for the truly advanced who want a complete view of what's changing and going on across your server, we have auditd:

How do I monitor files/directories using auditd in RHEL ?

How to configure "auditd" to find who modified a file in Red Hat Enterprise Linux 5?

So those are the basics. Does anyone have any good tips or stories to share with the Community about how you manage your logs? We'd love to hear about them!
