[Moved] All Kids like LOG!

Logs are the lifeblood of a server. They show the who, what, when and where (sorry, you sometimes have to supply the why) of things that are occurring on your devices. It's a real balancing act getting your logging set so that you get enough information but not so much that you drown in it.

Here's a great start to understand how to "tune" your logs:

   How does syslog work and how can I increase log level?
     https://access.redhat.com/site/solutions/68147

Once you've got things how you'd like them to run, you want to manage the files:

   How do I rotate log files?
     https://access.redhat.com/site/solutions/1294

As you get fancier and want additional things sent to your logs, these steps can help you to better understand what's going on from a security perspective:

   How do I setup logging in the iptables firewall?
     https://access.redhat.com/site/solutions/6249

   Where are the details for 'su' logins logged in Red Hat Enterprise Linux ?
     https://access.redhat.com/site/solutions/22581

There will be those of you out there leveraging newer versions of RHEL where we've changed syslog a bit; details on that can be found here:

   How to migrate from syslog to rsyslog?
     https://access.redhat.com/site/solutions/36328

Now, you may want all of your logs collected to a centralized logging server. If that's the case, these two guides can help you:

   How do I direct logs from all the systems in my network to one centralized server in Red Hat Enterprise Linux?
     https://access.redhat.com/site/solutions/2725

And then, for the truly advanced who want a complete view of what's changing and going on across your server, we have auditd:

   How do I monitor files/directories using auditd in RHEL ?
     https://access.redhat.com/site/solutions/40943

   How to configure "auditd" to find who modified a file in Red Hat Enterprise Linux 5?
     https://access.redhat.com/site/solutions/10107

So those are the basics. Does anyone have any good tips or stories to share with the Community about how you manage your logs? We'd love to hear about them!
