Log Capturing and Event Correlation installing syslog-ng Lab

[toggle_content title="Transcript"] Hey, Leo Dregier here. I want to cover installing syslog. I always like to do everything on UNIX and in Windows just to kind of show you how things differ. So we're going to open up a terminal here and we're going to take an apt-get install syslog-ng and it's going to go through and say, you know, the following extra packages will be installed, syslog-ng, or rsyslog is actually going to be removed. Zero upgraded, nine newly installed, one to remove etc., etc., do you want to continue? We're going to do, yes. And it's going to go out and get the appropriate packages. This may take a little bit for it to go through. You know, it's going to go get the different requests out here. Go to each one of those, download those. Um, then it's going to unzip them, stop any services that need to be, uh, stopped. So in this case since we're removing the rsyslog daemon, it stopped that service. Um, install all of your help files and man pages. And then I'll process the trigger. Processing triggers always tends to take a little bit to set up, so, um, but as you can see, as an automated script, relatively this is straightforward and relatively easy. Just type syslog-ng rather than syslog. So here it's downloading the packages. It unpacks them. It selects those. It sets them up, uh, accordingly. And again, just let the script run, alright. Then you can see, we set up, uh, couple of different components to look like we stopped some services. Uh, now we're setting up the syslog-ng services version 3.3.5 tag 4 and then done. And effectively that's it.

Um, and so now you can basically do, uh – well let's say, okay, well where did it install it, okay. So let's do a locate syslog, okay, and right off the bat, you can see we have, uh, /etc/syslog. Now here's the remote syslog configuration, very much similar in syslog to configure the configuration file. Uh, you can see some other components, some rc files in etc. You've got some user includes, some different packages here, some help files, um, some library packages, some pro components, some python components, some ruby components. Uh, then /usr/share documentation, okay, so hey if you want to read the documentation, you can find that in, um, /usr/share/doc. Um, some metasploit components and some – also some additional, um, deb packages, or libraries, which is another installer, okay.

So you can do a man syslog, alright. We got closelog, openlog, syslog, send message to the system logger. Um, the description of this, let's see, uh, openlog and it's going to go through each one. So openlog, opens a connection to the system logger for a program, the string pointed to, uh, by etc., etc., etc. Syslog generates a log message, will be distributed by syslogd. Actually that's going to go on UDP, um, more than likely UDP 514 is the port. Um, you can go read any additional options that you have down here, or anything that you would be interested in. And then also some of the components, uh, in the formats, so you have your authorization logs, you know, your CRON or your scheduling of events, the server components, FTP components, um, mail, news, syslog, user, am, and then level. This determines the importance of the message, levels for each alert. See you got an emergency alert, critical, error, warning, notice, information, very, very similar to what you would see in the Windows side of things. Um, uh, and that's basically it. You know, an overview of how to install syslog, okay.

Um, so if we do syslog-ng, actually rsyslog, okay, actually it's not rsyslog. What I'll do is I'll cover the, the actual running of the application in another video. Um, I just wanted to show you the install at this point so you can get it set up and then we can cover the, uh, uh, configure of syslog in another video. Thanks for watching. My name is Leo Dregier. Don't forget to check in the discussions and then the forums and I'll see you in the next video. 
[/toggle_content] This lab in the Log Capturing and Event Correlation lab series introduces you to the open source event log tool, syslog-ng. The syslog-ng lab explores how to install this multi-platform tool using the package manager and repositories of the platform where it will live, using both the UNIX and Linux systems to demonstrate how things differ. You'll learn how it monitors devices on any system and reports using the native environment.
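The transcript walks through the facility codes (auth, cron, daemon, ftp, mail, news, syslog, user, ...) and severity levels (emergency through debug) from the syslog(3) man page, and notes that messages travel to the logger over UDP 514. Below is an added example, not part of the lab or of syslog-ng itself, that decodes the `<PRI>` header a UDP/514 listener receives into those facility and severity names (PRI = facility * 8 + severity, per RFC 3164) and filters a few constructed sample lines down to the ones a responder would want to see first; hostnames, PIDs and messages in the samples are made up.

```python
import re

# Facility and severity codes from syslog(3) / RFC 3164: PRI = facility * 8 + severity.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})
FACILITY_CODES = {name: code for code, name in FACILITIES.items()}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def decode_pri(pri: int) -> tuple:
    """Split a PRI value into (facility, severity) names; PRI must be 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def encode_pri(facility: str, severity: str) -> int:
    """Inverse of decode_pri, e.g. encode_pri('auth', 'crit') == 34."""
    return FACILITY_CODES[facility] * 8 + SEVERITIES.index(severity)

def parse_line(line: str) -> dict:
    """Parse one BSD-style syslog line as a UDP/514 listener would receive it."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no <PRI> header")
    pri = int(m.group(1))
    facility, severity = decode_pri(pri)
    return {"pri": pri, "facility": facility, "severity": severity,
            "level": SEVERITIES.index(severity), "message": m.group(2)}

def urgent(lines, threshold: str = "warning") -> list:
    """Return parsed lines at the threshold severity or more severe (lower level number)."""
    cutoff = SEVERITIES.index(threshold)
    return [r for r in map(parse_line, lines) if r["level"] <= cutoff]

# Constructed sample lines (not captured from a real host).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 lab su: 'su root' failed for leo on /dev/pts/0",            # auth.crit
    "<13>Oct 11 22:15:01 lab leo: test message from logger",                         # user.notice
    "<78>Oct 11 22:16:01 lab CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)",  # cron.info
    "<163>Oct 11 22:17:30 lab app[77]: database connection lost",                    # local4.err
]

if __name__ == "__main__":
    for rec in urgent(SAMPLE_LINES):
        print(f"{rec['facility']}.{rec['severity']}: {rec['message']}")
```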