A few days back I realised that I couldn't see any logs from UFW in "/var/log/messages" and was getting suspicious... Later today, upon closer inspection, I found out that syslog-ng was somehow uninstalled!
Dunno how that happened but I've reinstalled it & I'm sort of getting all paranoid... I'm the kind of guy that takes security quite seriously.
This is what I usually leave running on a console when I think something's going wrong on my network:
Code:
# tail -f /var/log/messages | grep BLOCK
Note: for the above command you'll need UFW along with the logging option set to MEDIUM.
But anyway I'm interested in hearing your suggestions as to what tools are good at analysing logs and stuff? Also, what type of scripts or programs do you guys use to keep intruders at bay?
Thanks in advance
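
An added example, not part of the original post: a small Python summary of the same "[UFW BLOCK]" lines the tail/grep command above watches, counting blocks per source address and flagging sources that were blocked on several distinct ports. The function names, the scan_threshold value and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the kernel log format UFW writes (documentation IPs only).
SAMPLE_LOG = """\
Jan 12 10:15:01 host kernel: [1001.10] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Jan 12 10:15:02 host kernel: [1002.20] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40002 DPT=23 SYN URGP=0
Jan 12 10:15:03 host kernel: [1003.30] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40003 DPT=3389 SYN URGP=0
Jan 12 10:16:10 host kernel: [1070.40] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=UDP SPT=5353 DPT=53 LEN=24
Jan 12 10:16:11 host kernel: [1071.50] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=UDP SPT=5353 DPT=53 LEN=24
Jan 12 10:16:12 host kernel: [1072.60] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 12 10:17:00 host sshd[812]: Accepted publickey for admin from 192.0.2.99 port 50000 ssh2
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE pairs; the value may be empty (OUT=)

def parse_block(line):
    """Return the KEY=VALUE fields of a UFW BLOCK line, or None for any other line."""
    if "[UFW BLOCK]" not in line:
        return None
    return dict(FIELD_RE.findall(line))

def summarise(lines, scan_threshold=3):
    """Count blocks per source; list sources blocked on >= scan_threshold distinct ports."""
    per_src = Counter()
    ports = defaultdict(set)
    for line in lines:
        fields = parse_block(line)
        if not fields or "SRC" not in fields:
            continue
        src = fields["SRC"]
        per_src[src] += 1
        if "DPT" in fields:  # ICMP entries carry no destination port
            ports[src].add((fields.get("PROTO"), fields["DPT"]))
    scanners = sorted(s for s, seen in ports.items() if len(seen) >= scan_threshold)
    return per_src, scanners

if __name__ == "__main__":
    counts, scanners = summarise(SAMPLE_LOG.splitlines())
    for src, n in counts.most_common():
        print(f"{src:15} {n} blocked packets")
    print("possible port scans from:", ", ".join(scanners) or "none")
```

To run it against a real log, pass the lines of /var/log/messages to summarise() instead of SAMPLE_LOG.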
