
Thread: LOG FILES

  1. #1
    Junior Member
    Join Date
    May 2005
    Posts
    15

    LOG FILES

    Hello

    I need some help understanding log files. I understand the basics like utmp, wtmp, and lastlog on FTP servers. But what about telnet, HTTP, NetBIOS, and other protocols that may log activities? Where do they store the logs, etc.? What other protocols that I didn't mention also log activities? Also, *nix type computers log using wtmp, utmp, and lastlog. But what about Windows?

  2. #2
    Senior Member
    Join Date
    Nov 2002
    Posts
    186
    Windows stores a lot of information in the Event Log. Check out the event viewer in Control Panel/Administrative Tools. There are System and Application messages there. Also check out the program directories as some programs tend to store data in their local directory using a flat log file.

    For *nix, look at syslog (http://userpages.umbc.edu/~jack/ifsm498d/syslog.html). Many applications take advantage of the syslog daemon to do their logging. The nice thing about syslog is that logging can be done remotely. So all routers, servers, etc. can be set up to use the syslog daemon on a dedicated logging machine. All your logging is automagically consolidated and network-wide data can be gathered.

    Hope this helps a bit.
    "When you say best friends, it means friends forever" Brand New
    "Best friends means I pulled the trigger
    Best friends means you get what you deserve" Taking Back Sunday
    Visit alastairgrant.ca
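
An added example, not part of the original posts: post #2 describes hosts sending their logs to a dedicated syslog machine, and on the host itself that shows up as forwarding actions in the syslog configuration. The sketch below parses classic `syslog.conf` selector/action lines and lists which facilities leave the box and where they go. It assumes `@host` means UDP forwarding and `@@host` the rsyslog TCP form, with port 514 as the default; the sample configuration and host names are constructed.

```python
import re

# Constructed sample in classic syslog.conf syntax: selector, whitespace, action.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
authpriv.*                        @loghost.example.com
kern.crit                         @@192.0.2.10:514
mail.*                            -/var/log/maillog
*.emerg                           *
"""

# '@host' or '@@host', with an optional ':port' suffix (no IPv6 literals).
FORWARD = re.compile(r"^(@@?)([^\s:@]+)(?::(\d+))?$")

def parse_rules(conf_text):
    """Return (selector, action) pairs, skipping comments and blank lines."""
    rules = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            rules.append((parts[0], parts[1].strip()))
    return rules

def remote_targets(conf_text):
    """List rules whose action forwards to another host ('@' UDP, '@@' TCP)."""
    targets = []
    for selector, action in parse_rules(conf_text):
        m = FORWARD.match(action)
        if m:
            targets.append({"selector": selector,
                            "transport": "tcp" if m.group(1) == "@@" else "udp",
                            "host": m.group(2),
                            "port": int(m.group(3) or 514)})
    return targets

def forwarded_facilities(conf_text):
    """Map each log host to the facilities sent to it (ignores '.none')."""
    result = {}
    for t in remote_targets(conf_text):
        facs = result.setdefault(t["host"], set())
        for part in t["selector"].split(";"):
            names, _, priority = part.rpartition(".")
            if names and priority != "none":
                facs.update(names.split(","))
    return {host: sorted(f) for host, f in result.items()}

if __name__ == "__main__":
    for t in remote_targets(SAMPLE_CONF):
        print(t)
```

Facilities that appear only with file actions (here `mail`) have no off-host copy, so their records exist only on the machine that generated them.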

  3. #3
    Junior Member
    Join Date
    May 2005
    Posts
    15

    thanx

    Hi

    Yeah man, thanx a lot, it really helped.

    Does the event log store information on things like NetBIOS, etc.?

  4. #4
    Senior Member
    Join Date
    Nov 2002
    Posts
    186
    I've never really played around with the event log much. I know it does store some information, like if there is a duplicate network name. But it is mostly technical, behind-the-scenes stuff. It would be nice if you could store share accesses and file manipulations. Has anyone tried logging this using the event log?

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    http and ftp logs are in C:\WINNT<or windows>\system32\Logfiles

    telnet logging is not turned on by default. When enabled, a file must be created/named anywhere on the local computer.

  6. #6
    Junior Member
    Join Date
    May 2005
    Posts
    15
    Thanx Man

  7. #7
    Junior Member
    Join Date
    May 2005
    Posts
    7

    Syslog Daemon

    How can you find out if the network (*nix) is using a syslog daemon? Are there ways of enumerating that information?
