Linux Server Security: System Log Management and Monitoring
Source: O'Reilly Media
Whatever else the user does to secure a Linux system, it must have comprehensive, accurate, and carefully watched logs. Logs serve several purposes. First, they help to troubleshoot all kinds of system and application problems. Second, they provide valuable early warning signs of system abuse. Third, after all else fails (whether that means a system crash or a system compromise), logs can provide crucial forensic data. This paper is about making sure that system processes and critical applications log the events and states the user is interested in, and about dealing with this data once it has been logged.