Portal Home > Knowledgebase > Articles Database > Gap in log files
Gap in log files
|Posted by bluepen, 12-21-2008, 11:44 PM|
|Gap in log files
i had a problem with one of my servers
due to changes in the firewall couldn't i login anymore.
Someone had to go over and undo that modification.
Now i am checking the log files like secure and
messages logs, but logs of the day he logged in are simply not
there (along with some days more).
So i wonder if someone logins physically
it does log too right? What else can i check?
|Posted by ISPserver, 12-22-2008, 01:26 AM|
|it does log too right? What else can i check?
He also can clear log. You can try to check 'last' command output or .history (.bash_history) file for command.
But if he cleared log I think history also clear.
__________________MiniVDS.com - Extremely low costs at small VPS (Linux and FreeBSD)ISPsystem - Offers a flexible and affordable hosting solution
|Posted by Steven, 12-22-2008, 02:44 AM|
|If you login via console, it generally will not show up in secure because its not going through a daemon.
If he logged in console his bash history will be in / rather then root.
You can check the wtmp log with the 'last' command.
System Administrator @ Fused NetworkRack911.com - Competent Server Administration
Server Security - Administration - Managed Servers - Optimization - High Traffic Clusters
|Posted by bluepen, 12-22-2008, 02:59 AM|
clear log, yes that is what i am trying to figure out.
i checked out the .history file
and there it doesnt show beside what he supposed to do
namely, turn of the firewall.
downside is that .history doesnt tell you what date and time
the event took place. But i can kind of guess since its
a "quite" server.
i checked out the last command already
but there it shows no login on that day at all.
That is why i wonder if he might have cleared the log files
Add to Favourites Print this Article