Post on 28-Nov-2014
Overview
● What is a “Centralized Log Server”?
● Why do we need a Centralized Log Server?
● Importance of using a Centralized Log Server
● Ease of getting logs!
● SPLUNK!!!
● DEMO
What is a “Centralized Log Server”?
It is a normal workstation with a free Red Hat Linux 6 installation and no additional software installed.
It relies on basic Linux knowledge to collect the logs from all clients over TCP and UDP connections to one centralized machine.
Why do we need a Centralized Log Server?
Importance of Using a Centralized Log Server
- Collect security logs from all workstations and servers to one machine
- Monitor the network & respond to attacks
- Show password changes for all users
- Show when ANY workstation reboots or shuts down
Ease of getting logs! “/var/log/”
User “root” changed his password: Mar 23 14:57:20 localhost passwd: pam_unix(passwd:chauthtok): password changed for root
Local Authentication Failure: Mar 23 14:58:46 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost= user=root
Poweroff or Reboot: Mar 22 15:58:01 localhost init: tty (/dev/tty2) main process (1896) killed by TERM signal
SSH Authentication Failure: Mar 18 01:13:18 rhel5.vmz sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root
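An added example, not part of the original slides, showing what "monitoring" these events amounts to once the lines reach the central server: a small Python parser that splits classic syslog lines into timestamp, host and message, classifies the four line types shown above, and counts SSH authentication failures per remote host so that a repeated source can be flagged. The sample log is constructed from the slide's own lines plus a few made-up entries; the event type names, field names and the threshold of three failures are this example's own choices.

```python
import re
from collections import Counter

# Classic syslog header: "Mar 23 14:57:20 localhost <message>"
SYSLOG_HEADER = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)

# One pattern per event type from the slides. The type names and the named
# groups (user, tty, rhost, pid) are this example's own naming, not syslog's.
# "\buser=" avoids matching the "ruser=" field that precedes it in PAM lines.
PATTERNS = {
    "password_changed": re.compile(
        r"passwd: pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)"
    ),
    "local_auth_failure": re.compile(
        r"login: pam_unix\(login:auth\): authentication failure;"
        r".*?tty=(?P<tty>\S+).*?\buser=(?P<user>\S+)"
    ),
    "ssh_auth_failure": re.compile(
        r"sshd\[(?P<pid>\d+)\]: pam_unix\(sshd:auth\): authentication failure;"
        r".*?rhost=(?P<rhost>\S+).*?\buser=(?P<user>\S+)"
    ),
    "shutdown_or_reboot": re.compile(
        r"init: tty \((?P<tty>/dev/tty\d+)\) main process \((?P<pid>\d+)\) killed by TERM signal"
    ),
}


def parse_line(line):
    """Return a dict with ts, host, type and any extracted fields, or None if not syslog."""
    m = SYSLOG_HEADER.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts"), "host": m.group("host"), "type": "other"}
    for name, pattern in PATTERNS.items():
        hit = pattern.search(m.group("msg"))
        if hit:
            event["type"] = name
            event.update(hit.groupdict())
            break
    return event


def parse_lines(lines):
    """Parse every line, dropping the ones that are not syslog-shaped."""
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def summarize(events, ssh_threshold=3):
    """Count events per type and flag remote hosts with repeated SSH failures."""
    counts = Counter(e["type"] for e in events)
    by_rhost = Counter(e["rhost"] for e in events if e["type"] == "ssh_auth_failure")
    flagged = sorted(rhost for rhost, n in by_rhost.items() if n >= ssh_threshold)
    return {"counts": counts, "ssh_failures_by_rhost": by_rhost, "flagged_rhosts": flagged}


# Constructed sample: the four lines from the slides, two extra SSH failures
# from the same source, and one unrelated cron line that should classify as "other".
SAMPLE_LOG = """\
Mar 23 14:57:20 localhost passwd: pam_unix(passwd:chauthtok): password changed for root
Mar 23 14:58:46 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost= user=root
Mar 22 15:58:01 localhost init: tty (/dev/tty2) main process (1896) killed by TERM signal
Mar 18 01:13:18 rhel5.vmz sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root
Mar 18 01:13:21 rhel5.vmz sshd[2795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root
Mar 18 01:13:25 rhel5.vmz sshd[2797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=admin
Mar 18 01:14:02 rhel5.vmz crond[2801]: (root) CMD (run-parts /etc/cron.hourly)
"""

if __name__ == "__main__":
    events = parse_lines(SAMPLE_LOG.splitlines())
    for e in events:
        print(e["ts"], e["host"], e["type"], {k: v for k, v in e.items() if k not in ("ts", "host", "type")})
    print(summarize(events))
```

The same functions work on a file such as the central server's aggregated /var/log/messages by reading it line by line. One caveat on the collection side: syslog over plain UDP is neither reliable nor authenticated, so a client's lines can be lost or forged in transit; forwarding over TCP (ideally with TLS) before running checks like these gives the counts something to stand on.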
SPLUNK!!
- Graphical User Interface application to view system logs
- Free & Open Source project
- Quick search, saved searches, alerting, scheduling, and dashboard creation
- Graphical reports
Any Questions ?!!
THANK YOU !
By: Mohammed AlMaraghy
RedHat Certified Engineer
Twitter: @MohammedMaraghy
Maraghy@fedoraproject.org