nixCraft Linux Forum

Debian Linux Mail Server Logs Files

#1 Dj_Lord, 11-11-2007, 01:18 AM

Hello,

First of all, I'm a newbie. Server is Debian with Apache, MySQL, SMTP, DHCP (LAN of 15 computers). I'm trying to look for virus/trojan network activity on a network of Windows clients. Can you tell what I should look for? What I know is just how to get to /var/log ...

#2 nixcraft, 11-11-2007, 03:42 PM

All log files are located in the /var/log directory. For example, /var/log/messages has general messages and system-related stuff. To view it, use
Code:
tail -f /var/log/messages
To search, use the grep command
Code:
grep 'word' /var/log/messages
See our FAQ for more info - Linux log files location and how do I view logs files?
__________________
Vivek | My personal blog
Linux Evangelist
Play hard stay cool

#3 Dj_Lord, 11-11-2007, 05:13 PM

OK... Let's say one of the LAN computers has a program that periodically downloads some info from the internet. Where will info about such network activity be stored in the Linux server logs?

#4 root, 11-12-2007, 10:57 AM

Do you use squid proxy server?

#5 Dj_Lord, 11-12-2007, 10:07 PM

I don't know, I'm gonna check that. What if yes?

#6 rockdalinux, 11-12-2007, 10:50 PM

If so, use:
/var/log/squid/access.log - to see what users are accessing
/var/log/squid/cache.log - server cache status and error log
/var/log/squid/store.log - what is currently stored on disk via caching software

There are many ways one can set up a Linux server to act as a gateway for Windows systems.
__________________
Rocky Jr.
You may have my body & soul, but you will never touch my pride!

If you have knowledge, let others light their candles at it.

Certified to work on HP-UX / Sun Solaris / RedHat
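
For the case raised earlier in the thread (a LAN computer that periodically downloads something), here is one way to summarise /var/log/squid/access.log per client and destination host. This is an added example, not code from any poster; it assumes Squid's native log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Squid's native access.log fields:
#   time elapsed client action/code bytes method URL ident peer type

# Constructed sample: 192.168.1.23 fetches the same file every 300 seconds.
sample_squid_log() {
    cat <<'EOF'
1195000000.100    210 192.168.1.23 TCP_MISS/200 512 GET http://updates.example.net/cfg.bin - DIRECT/203.0.113.7 application/octet-stream
1195000120.500     95 192.168.1.10 TCP_MISS/200 8300 GET http://www.example.org/ - DIRECT/198.51.100.4 text/html
1195000300.100    198 192.168.1.23 TCP_MISS/200 512 GET http://updates.example.net/cfg.bin - DIRECT/203.0.113.7 application/octet-stream
1195000410.900    130 192.168.1.10 TCP_HIT/200 2100 GET http://www.example.org/logo.png - NONE/- image/png
1195000600.100    205 192.168.1.23 TCP_MISS/200 512 GET http://updates.example.net/cfg.bin - DIRECT/203.0.113.7 application/octet-stream
1195000900.100    201 192.168.1.23 TCP_MISS/200 512 GET http://updates.example.net/cfg.bin - DIRECT/203.0.113.7 application/octet-stream
EOF
}

# stdin: access.log; $1: minimum requests per client/host pair (default 3).
# Prints: client host requests total_bytes mean_seconds_between_requests
squid_repeat_fetches() {
    awk -v min="${1:-3}" '
    NF >= 7 {
        host = $7
        sub(/^[a-z]+:\/\//, "", host)   # strip scheme (CONNECT lines have none)
        sub(/[\/:].*$/, "", host)       # strip port and path
        key = $3 " " host
        if (!(key in n)) first[key] = $1
        n[key]++; bytes[key] += $5; last[key] = $1
    }
    END {
        for (k in n) if (n[k] >= min) {
            gap = (n[k] > 1) ? (last[k] - first[k]) / (n[k] - 1) : 0
            printf "%s %d %d %.0f\n", k, n[k], bytes[k], gap
        }
    }' | sort
}

sample_squid_log | squid_repeat_fetches 3
```

On a real gateway, feed it the log directly: `squid_repeat_fetches 3 < /var/log/squid/access.log`. A client/host pair with many requests, small identical sizes and a steady gap is the pattern worth a closer look on the Windows machine itself.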

#7 Dj_Lord, 11-16-2007, 11:18 PM

It has no squid (I couldn't find the /var/log/squid folder). How could I identify the proxy?

#8 monk, 11-18-2007, 08:11 AM

Log in as root and run the command
Code:
netstat -tulp
It will list all running processes along with their open ports. Use this info to find out if squid is running or not.
__________________
May the force with you!
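
To pick a proxy out of the `netstat -tulp` listing above without reading it by eye, the output can be filtered by program name and port. This is an added example, not code from the thread; the list of proxy daemon names, the function names and the sample output are assumptions constructed for illustration, and 3128 is Squid's default listening port.

```shell
#!/bin/sh
# Added example (not from the thread): filter `netstat -tulp` output for proxies.

# Constructed sample resembling the poster's server (Apache, MySQL, SMTP, DHCP).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      1802/mysqld
tcp        0      0 *:www                   *:*                     LISTEN      1980/apache2
tcp        0      0 *:smtp                  *:*                     LISTEN      1911/exim4
tcp        0      0 *:3128                  *:*                     LISTEN      2231/(squid)
udp        0      0 *:bootps                *:*                                 1755/dhcpd3
EOF
}

# stdin: netstat -tulp output; $1: regex of proxy daemon names (assumed list).
# Prints: proto port program, for each listener that looks like a proxy.
proxy_listeners() {
    awk -v names="${1:-squid|privoxy|tinyproxy|polipo}" '
    $1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        port = $4; sub(/^.*:/, "", port)   # text after the last colon
        prog = $NF                         # UDP rows have no State column
        sub(/^[0-9]+\//, "", prog)         # drop the PID prefix
        gsub(/[()]/, "", prog)             # squid may appear as (squid)
        if (prog ~ ("^(" names ")$") || port == "3128")
            print $1, port, prog
    }' | sort
}

sample_netstat | proxy_listeners
```

Run without root, netstat prints `-` in place of PID/Program name for sockets owned by other users, so only the port check can match; adding `-n` keeps ports numeric instead of service names.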