Archive for the tag 'Logging'

SBDavid

How to Configure Logging

Two packages are available in RHEL 5 for performing logging, and it is recommended that rsyslog be used.

No matter which logging software is used, a system should send its logs to a remote loghost. An intruder who has compromised the root account on a machine may delete the log entries which indicate that the system was attacked before they are seen by an administrator. If system logs are to be useful in detecting malicious activities, it is necessary to send them to a remote server.

The sysklogd software provides the default logging daemon for RHEL, but it has a number of downsides, including a lack of authentication for client or server, a lack of encryption, and no reliable transport for messages sent over a network. For these reasons, rsyslog is recommended instead (and it is also part of RHEL).

SBDavid

PHP Error Handling and Logging

display_startup_errors

Even when display_errors is on, errors that occur during PHP’s startup sequence are not displayed. It’s strongly recommended to keep display_startup_errors off, except for debugging.

These are functions dealing with error handling and logging. They allow you to define your own error handling rules, as well as modify the way the errors can be logged. This allows you to change and enhance error reporting to suit your needs.

With the logging functions, you can send messages directly to other machines, to an email (or email to pager gateway!), to system logs, etc., so you can selectively log and monitor the most important parts of your applications and websites.

The error reporting functions allow you to customize what level and kind of error feedback is given, ranging from simple notices to customized functions returned during errors.

How do I enable error logging for PHP scripts to help debug an application?

PHP errors are by default logged to the web server’s error log file (at least with the default setup on most Linux distros), but it is also possible to log PHP errors to a file of your choice instead. This is useful on production websites, because you can periodically check for errors in a location other than the default web server error log file and fix them.

If you do not currently have a php.ini, make one and place it in the same folder(s) as the PHP script(s) that you want to track errors for. You will need to add the following 2 lines:

log_errors = On
error_log = error_log

If we choose to enable error logging, then we MUST check the error_log often and take corrective action for persistent errors. It is recommended to keep it disabled for security reasons.
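The following check is an added example, not code from the original post: it audits php.ini-style text for the directives discussed above and reports when error_log points at a file inside the web-served folder, where a log placed next to the scripts can be fetched by clients unless the server denies access. The docroot /var/www/html and the path /var/log/php/error.log are constructed values, and resolving a relative error_log path against the script folder is an assumption of the example.

```python
import os

ON = {"1", "on", "yes", "true"}

def parse_ini(text):
    """Return {directive: value} from php.ini-style text; section headers are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text, docroot):
    """List findings for the directives discussed above.

    docroot is the web-served folder holding the scripts (assumption: a
    relative error_log path ends up there). Unset directives are not flagged.
    """
    s = parse_ini(text)
    findings = []
    if s.get("display_startup_errors", "off").lower() in ON:
        findings.append("display_startup_errors is on")
    if "log_errors" in s and s["log_errors"].lower() not in ON:
        findings.append("log_errors is off")
    target = s.get("error_log", "")
    if target and target != "syslog":
        full = os.path.normpath(os.path.join(docroot, target))
        if full.startswith(docroot.rstrip("/") + "/"):
            findings.append("error_log %s is inside the web root" % full)
    return findings

# Constructed samples: the two lines from the text, and a variant that
# writes the log outside the web root.
PAGE_INI = "log_errors = On\nerror_log = error_log\n"
SAFER_INI = ("display_startup_errors = Off\n"
             "log_errors = On\n"
             "error_log = /var/log/php/error.log  ; constructed path\n")

if __name__ == "__main__":
    for name, text in (("page", PAGE_INI), ("safer", SAFER_INI)):
        print(name, audit(text, "/var/www/html"))
```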

SBDavid

TCP Wrappers and Enhanced Logging

If certain types of connections are of more concern than others, the log level can be elevated for that service via the severity option.

For this example, assume anyone attempting to connect to port 23 (the Telnet port) on an FTP server is a cracker. To denote this, place an emerg flag in the log files instead of the default flag, info, and deny the connection.

To do this, place the following line in /etc/hosts.deny:

in.telnetd : ALL : severity emerg

This uses the default authpriv logging facility, but elevates the priority from the default value of info to emerg, which posts log messages directly to the console.
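To see what the severity option changes on the wire, the added example below (not part of the original post) parses a rule of this form and computes the syslog priority value, facility × 8 + severity, that the resulting message carries. It handles only the simple `daemons : clients : option` layout; rules whose client patterns contain colons are outside its scope, and the sshd rule in the demo is constructed.

```python
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11}
FACILITIES.update({"local%d" % i: 16 + i for i in range(8)})
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

def parse_rule(line, facility="authpriv", severity="info"):
    """Parse 'daemons : clients [: option ...]' and resolve its log priority.

    The keyword defaults are the ones named in the text: authpriv and info.
    """
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2 or not fields[0] or not fields[1]:
        raise ValueError("expected 'daemon_list : client_list [: option ...]'")
    for option in fields[2:]:
        words = option.split()
        if len(words) == 2 and words[0] == "severity":
            level = words[1]
            if "." in level:                  # optional 'facility.level' form
                facility, level = level.split(".", 1)
            severity = level
    if facility not in FACILITIES or severity not in SEVERITIES:
        raise ValueError("unknown facility or severity in %r" % line)
    return {
        "daemons": fields[0].replace(",", " ").split(),
        "clients": fields[1].replace(",", " ").split(),
        "facility": facility,
        "severity": severity,
        # Number that appears as <PRI> at the start of the syslog message.
        "pri": FACILITIES[facility] * 8 + SEVERITIES[severity],
    }

if __name__ == "__main__":
    for rule in ("in.telnetd : ALL : severity emerg",     # rule from the text
                 "in.telnetd : ALL",                      # same rule, default level
                 "sshd : ALL : severity auth.notice"):    # constructed rule
        r = parse_rule(rule)
        print("%-40s -> %s.%s <%d>" % (rule, r["facility"], r["severity"], r["pri"]))
```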

SBDavid

Setting up logging in Webmin

Setting up logging

Like most web servers, Webmin can be configured to create a log file in the standard CLF format that records every request it receives. It also creates a log of actions performed by users, such as the creation of a DNS zone or the deletion of a Unix group. This actions log can even include the details of every file changed and command run by each action, so that you can see what Webmin is doing under the hood.

Basic logging is enabled by default, but you can configure it further by following these steps:

  1. Click on the Logging icon on the main page.
  2. If Disable logging is selected then Webmin will write no logs at all. However, you should choose Enable logging to activate it.
  3. If the Log resolved hostnames box is checked the log file will contain actual client hostnames instead of IP addresses. This can cause problems if reverse DNS lookups take a long time on your network, as one will need to be done for each request.
  4. To prevent the log files from becoming too large, Webmin can be configured to truncate them periodically. To enable this feature, select the Clear logfiles every box and enter a number of hours into the adjacent text field.
  5. To limit action logging to only specific users, select the Only log actions by option and choose some users from the list next to it. This can be handy if most of your users can only perform tasks that you don’t care much about, and you want to log only actions taken by the more powerful administrators instead.
  6. To limit action logging to only specific modules, select the Only log actions in option and choose one or more modules from its list.
  7. To enable the logging of file changes and commands run for each action, check the Log changes made to files by each action box. This will take up more disk space, but provides some very useful and interesting information.
  8. Hit the Save button to activate the changes.
