Checking your logs

Syslogd is the daemon that controls all the system logging and its default
configuration file is the /etc/syslog.conf. If you dont have this file
(in your Unix system), you probably have a problem (unless using other
kind of log daemon).
Generally, when a "cracker" compromise a system, the first thing that
he wants to do is to hide himself. The easiest way is deleting the logs
or modifying its entries. Because of that, Rootcheck executes a lot of
checks to ensure the integrity of your /etc/syslog.conf and other
log files specified there.

  • /etc/syslog.conf doesnt exist!
  • Log configured to send to /dev/null!
  • Log configured to send to a remote syslog!
  • Log file does not exist!
  • Syslogd is not running!

    $RootCheck: syslog.php ,v 1.0 2003/10/17, Daniel B. Cid$