Saturday, June 24, 2017

Watch a network using syslog

One of the traditional tools for the generation of logs is called syslog. Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server.
Syslog messages begin with two numerical codes. The first code identifies the facility that generated the message, some examples of which are as follows:
  • 0 Kernel messages
  • 1 User-level messages
  • 2 Mail system
  • 3 System daemons
  • 4 Security/authorization messages
  • 5 Messages generated internally by syslog
  • 6 Line printer subsystem
  • 7 Network news subsystem
  • 8 UUCP subsystem
  • 9 Clock daemon
  • 10 Security/authorization messages
  • 11 FTP daemon
  • 12 NTP subsystem
The second code uses the following values to specify the severity of the message:
  • 0 Emergency: system is unusable
  • 1 Alert: action must be taken immediately
  • 2 Critical: critical conditions
  • 3 Error: error conditions
  • 4 Warning: warning conditions
  • 5 Notice: normal but significant condition
  • 6 Informational: informational messages
  • 7 Debug: debug-level messages
Subsequent parts of the syslog message format include a structured data section, which contains information in a format easily parsable by other software entities, and a free-form message section intended to carry more specific information about the event.
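To make the two codes concrete, here is an added Python example (it is not code from the original post) that decodes a syslog priority value into the facility and severity tables above, parses an RFC 5424 header into its structured-data and free-form message parts, and picks out security/authorization messages at warning level or worse, which is the kind of filter a collector would run. The sample lines are constructed for this example; the priority encoding (facility * 8 + severity) and the local0 to local7 names for facilities 16 to 23 come from the syslog RFCs, not from the post.

```python
"""Decode syslog PRI values and parse RFC 5424 headers (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Facility and severity tables as listed in the post (RFC 5424 numbering).
FACILITIES = {
    0: "kernel", 1: "user-level", 2: "mail system", 3: "system daemons",
    4: "security/authorization", 5: "syslog internal", 6: "line printer",
    7: "network news", 8: "UUCP", 9: "clock daemon",
    10: "security/authorization", 11: "FTP daemon", 12: "NTP",
}
SEVERITIES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID,
# followed by STRUCTURED-DATA (or "-") and an optional free-form MSG.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) ?(?P<rest>.*)$"
)


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    hostname: str
    app: str
    structured_data: str
    msg: str


def decode_pri(pri: int) -> Tuple[int, int]:
    """Split a PRI value into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:  # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def facility_name(facility: int) -> str:
    """Name a facility; 16-23 are the local-use facilities local0..local7."""
    if facility in FACILITIES:
        return FACILITIES[facility]
    if 16 <= facility <= 23:
        return f"local{facility - 16}"
    return f"facility {facility}"


def _split_sd(rest: str) -> Tuple[str, str]:
    """Separate STRUCTURED-DATA ("-" or [..] blocks) from the free-form MSG."""
    if rest.startswith("-"):
        return "-", rest[1:].lstrip()
    i = 0
    while i < len(rest) and rest[i] == "[":
        j = i + 1
        while j < len(rest) and rest[j] != "]":
            j += 2 if rest[j] == "\\" else 1  # skip escaped characters such as \]
        if j >= len(rest):
            raise ValueError("unterminated structured-data element")
        i = j + 1
    return rest[:i], rest[i:].lstrip()


def parse_rfc5424(line: str) -> SyslogMessage:
    m = _HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message: " + line[:40])
    facility, severity = decode_pri(int(m.group("pri")))
    sd, msg = _split_sd(m.group("rest"))
    return SyslogMessage(facility, severity, m.group("hostname"),
                         m.group("app"), sd, msg)


def security_alerts(lines: List[str], max_severity: int = 4) -> List[SyslogMessage]:
    """Messages from the security/authorization facilities (4 and 10) at
    the given severity or worse; unparsable lines are skipped, not fatal."""
    out = []
    for line in lines:
        try:
            m = parse_rfc5424(line)
        except ValueError:
            continue
        if m.facility in (4, 10) and m.severity <= max_severity:
            out.append(m)
    return out


# Constructed sample input (not real log data); addresses are from TEST-NET.
SAMPLE_LINES = [
    '<36>1 2017-06-24T10:15:00Z host1 sshd 1234 - - Failed password for invalid user admin from 203.0.113.5',
    '<165>1 2017-06-24T10:15:01Z host1 myapp - ID47 [exampleSDID@32473 iut="3" eventSource="Application"] An application event',
    '<13>1 2017-06-24T10:15:02Z host2 cron 77 - - job started',
    '<86>1 2017-06-24T10:15:03Z host2 su 900 - - session opened for user root by bob',
    'this line is not syslog at all',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES[:-1]:
        m = parse_rfc5424(line)
        print(f"{facility_name(m.facility):24} {SEVERITIES[m.severity]:14} {m.app}: {m.msg}")
    print("alerts:", [a.app for a in security_alerts(SAMPLE_LINES)])
```

Running the block prints one decoded line per sample and then the alert list, which contains only the sshd warning: the su message is also from a security facility (10) but at informational severity, so it falls below the threshold.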
True or false: Virtually all UNIX and Linux distributions include a version of syslog.
Answer: True. Syslog has become ubiquitous on the UNIX and Linux platforms and is common on other operating systems as well, including Windows.
Syslog is primarily a UNIX/Linux utility.
True or false: Syslog is the means by which an application can write information to a log file.
Answer: True. Syslog was developed in the 1980s for use with sendmail, the de facto standard in Simple Mail Transfer Protocol (SMTP) mail servers. It enables sendmail to record its activities in a text-based log file. Since then, it has come to be used for the same purpose with a variety of applications and processes.
