[OWASP-Delhi] query:Linux web server Logs

Tarun Gupta email at tgupta.com
Tue Sep 2 08:37:42 UTC 2014


Ideally you should secure all session and transaction logs.

 

Sessions will be for login logout failed etc and transaction should tell what was the command issues and what happened

 

Tarun

 

From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Learner Kid
Sent: Tuesday, September 02, 2014 9:09 AM
To: owasp-delhi at lists.owasp.org
Subject: [OWASP-Delhi] query:Linux web server Logs

 

Hello Everyone,

I am a beginner and have a query, please guide:

What kind of server logs we need to maintain which can be helpful in investigations. As of now I keep these:

1) Website Access Log
/usr/local/apache/logs/access_log
/usr/local/apache/domlogs

2) FTP Acees Log
/var/log/messages

3) MySQL Access Log
/var/lib/mysql called hostname.log and hostname-slow.log where hostname is the short hostname for the machine.

4) Cpanel Access Log
/usr/local/cpanel/logs/access_log

Thanks & Regards,

Learner Kid

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20140902/327833c9/attachment.html>


More information about the OWASP-Delhi mailing list