Linux uses a daemon called syslogd to automatically log events on your computer. Several variations of syslog, including rsyslog and syslog-ng, are used on different distributions of Linux, and even though they operate very similarly, some minor differences exist. Since Kali Linux is built on Debian, and Debian comes with rsyslog by default, we focus on that utility in this chapter. If you want to use other distributions, it’s worth doing a little research on their logging systems.
Let’s take a look at rsyslog on your system. We’ll search for all files related to rsyslog. First, open a terminal in Kali and enter the following:
kali > locate rsyslog
/etc/rsyslog.conf
/etc/rsyslog.d
/etc/default/rsyslog
/etc/init.d/rsyslog
/etc/logcheck/ignore.d.server/rsyslog
/etc/logrotate.d/rsyslog
/etc/rc0.d/K04rsyslog
--snip--
As you can see, numerous files contain the keyword rsyslog—some of which are more useful than others. The one we want to examine is the configuration file rsyslog.conf.
Like nearly every application in Linux, rsyslog is managed and configured by a plaintext configuration file located, as is generally the case in Linux, in the /etc directory. In the case of rsyslog, the configuration file is located at /etc/rsyslog.conf. Open that file with any text editor, and we’ll explore what’s inside (here, I use Leafpad):
kali > leafpad /etc/rsyslog.conf
You should see something like Listing 11-1.
# /etc/rsyslog.conf Configuration file for rsyslog.
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
###########################
#### GLOBAL DIRECTIVES ####
###########################
Listing 11-1: A snapshot of the rsyslog.conf file
As you can see, the rsyslog.conf file comes well documented with numerous comments explaining its use. Much of this information will not be useful to you at this moment, but if you navigate down to below line 50, you’ll find the Rules section. This is where you can set the rules for what your Linux system will automatically log for you.
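Before editing the Rules section it helps to know what the daemon is currently configured to do: which input modules are actually loaded (an uncommented imudp or imtcp line means the host accepts syslog messages from the network, which you want to be aware of) and which facility.priority selectors are wired to which log files. The following script is an added example and not part of the book; it writes a small constructed rsyslog.conf to a temporary file so it runs offline, then extracts the loaded modules and the active rule lines. Point it at the real /etc/rsyslog.conf to audit your own system; the sample file name and the three helper function names are my own.

```shell
#!/bin/sh
# Added example (not from the book): inspect an rsyslog.conf for loaded input
# modules and active logging rules. A constructed sample config is used so the
# script runs without touching the real /etc/rsyslog.conf.

SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
#  /etc/rsyslog.conf  Configuration file for rsyslog (constructed sample).
module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability
#module(load="imudp")
#input(type="imudp" port="514")

###############
#### RULES ####
###############
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.err                        /var/log/mail.err
*.emerg                         :omusrmsg:*
EOF

# Print the names of modules whose module(load="...") line is NOT commented out.
loaded_modules() {
    grep -E '^[[:space:]]*module\(load="[^"]+"' "$1" \
      | sed -E 's/^[[:space:]]*module\(load="([^"]+)".*/\1/'
}

# Print active legacy-format rules as "selector -> action", skipping comments,
# blank lines and the module()/input() directives from the MODULES section.
active_rules() {
    grep -E '^[[:space:]]*[^#[:space:]][^[:space:]]*[[:space:]]+[^[:space:]]' "$1" \
      | grep -vE '^[[:space:]]*(module|input)\(' \
      | awk '{print $1 " -> " $2}'
}

# Succeed (exit 0) only if a network reception module (imudp or imtcp) is loaded,
# i.e. the daemon is configured to accept syslog from other hosts.
network_input_enabled() {
    loaded_modules "$1" | grep -qE '^(imudp|imtcp)$'
}

# Usage on the constructed sample (swap in /etc/rsyslog.conf for a real audit):
echo "Loaded modules:"; loaded_modules "$SAMPLE_CONF"
echo "Active rules:";   active_rules "$SAMPLE_CONF"
if network_input_enabled "$SAMPLE_CONF"; then
    echo "Network syslog reception is ENABLED"
else
    echo "Network syslog reception is disabled"
fi
```

On the sample the script reports only imuxsock and imklog as loaded, lists the five rule lines, and reports network reception as disabled because the imudp lines are still commented out, exactly the state shown in Listing 11-1.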