On Thursday 21 April 2005 10:32 am, Bob Rea wrote:
> On Wednesday 20 April 2005 07:48 pm, Sandy Drobic wrote:
>> Let's just assume my crystal ball is spitting out the answer he is looking for. Will you then please explain to him what all the megabytes worth of logfiles actually mean? He would probably look right at the answer and not recognize it. You need to have at least a working knowledge of how your system is set up and what to look for in the logs.
>
> Is there somewhere a very detailed and explicit guide to reading log files for the complete beginner? It would be a great thing for me.

The Linux Documentation Project at http://www.tldp.org is a good place to start. Specifically sections:
http://www.tldp.org/HOWTO/HOWTO-INDEX/admin.html#ADMSECURITY
http://www.tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETSECURITY
Sandy may have seemed a bit harsh, but his answer was the correct one. Some of the required knowledge must be built on a foundation of prior knowledge. The above site has a lot of information. I would also read through all of the SuSE documentation first. Their manuals are some of the better ones.

Someone else mentioned Snort. I love this program, especially with the SnortSam plugin. Again, however, a good base knowledge is needed to get the most out of it.

<Mild Rant directed_to="NOT OP">
Such questions are common in the computer industry, but quite rare in most others. Most would understand that their doctor could not easily explain many of the intricacies of his job to a layman unless that person had spent a similar number of years gaining the needed base knowledge. Many new users to the Linux world tend to try things they would not have attempted in Windows. This leads to frustration and unfair comparisons between the two systems.

Sorry ... I don't usually do that. I was just asked by a client to explain part of a program's inner workings. It was quite frustrating.

--
Louis Richards