Portal Home > Knowledgebase > Articles Database > Gap in log files


Gap in log files




Posted by bluepen, 12-21-2008, 11:44 PM
Gap in log files hi, i had a problem with one of my servers due to changes in the firewall couldn't i login anymore. Someone had to go over and undo that modification. Now i am checking the log files like secure and messages logs, but logs of the day he logged in are simply not there (along with some days more). So i wonder if someone logins physically it does log too right? What else can i check?

Posted by ISPserver, 12-22-2008, 01:26 AM
it does log too right? What else can i check? He also can clear log. You can try to check 'last' command output or .history (.bash_history) file for command. But if he cleared log I think history also clear. __________________MiniVDS.com - Extremely low costs at small VPS (Linux and FreeBSD)ISPsystem - Offers a flexible and affordable hosting solution

Posted by Steven, 12-22-2008, 02:44 AM
If you login via console, it generally will not show up in secure because its not going through a daemon. If he logged in console his bash history will be in / rather then root. You can check the wtmp log with the 'last' command. __________________Steven Ciaburri System Administrator @ Fused NetworkRack911.com - Competent Server Administration Server Security - Administration - Managed Servers - Optimization - High Traffic Clusters

Posted by bluepen, 12-22-2008, 02:59 AM
ISPserver clear log, yes that is what i am trying to figure out. i checked out the .history file and there it doesnt show beside what he supposed to do namely, turn of the firewall. downside is that .history doesnt tell you what date and time the event took place. But i can kind of guess since its a "quite" server. @steven i checked out the last command already but there it shows no login on that day at all. That is why i wonder if he might have cleared the log files (partly).



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
VerseHost: poor choice (Views: 301)
JaguarPC Reseller (Views: 360)