Syslog

00:00

Hello and welcome to our final configuration video.

00:05

Our goal for this video is to enable SIS lock forwarding on our Web server

00:10

to start,

00:11

let's go into our Web server

00:16

and again

00:28

we'll be going toe, etc.

00:31

RCIs Aug dot d.

00:35

I will be editing the 50 dash default dot com file

00:50

going down to the very bottom. We can edit the little comment.

01:04

The first piece.

01:10

This town is just solid to grab all the logs regardless of file, name or file extension

01:17

next week, the point where he wants a slug to send the locks too.

01:26

In my case, I'll be sending them directly to the Oasis Time server

01:32

over port 514

01:34

which is usually reserved for CeCe Log

01:40

Control X.

01:41

Why and enter To save the file,

01:52

we could do a quick tale to make sure if I was safe.

01:57

Once we've confirmed the file is safe, we have to restart the service.

02:06

It will ask you for your admin credentials.

02:09

The service has been restarted

02:14

to confirm this activity. We can go into our oasis. I am server

02:23

jailbreak.

02:27

We will be using a program called TCP Dump.

02:30

DCP Dump allows us to monitor network interface in a certain port for traffic.

02:39

Our interface on our server is zero.

02:43

That be

02:45

Doc W

02:50

Deb. No

02:51

SRC

02:53

filed by the I p

02:54

of our Web server

02:59

hand port 514

03:07

You can see got zero.

03:09

This means that the O side server has not received any logs yet.

03:15

We can help this along.

03:16

To get some locks going. We could go into our colleague machine,

03:22

open up a terminal

03:30

and create some sshh failed bargain alerts.

03:46

Okay,

03:49

Going back to our server,

03:51

we could see got 66

03:54

for a live example.

03:57

Go back our Web server.

04:00

Log on with the wrong password.

04:12

As you can see, the value increases

04:15

as the Web server creates the long and sends it over

04:27

perfect.

04:33

They should also have great. It's mainly about alarms

04:45

going at the alarms. We can see some

04:46

sssh brute force activity sourcing from our Colin machine.

04:59

We could see all our failed passwords

05:04

going into the event. Specifically,

05:08

you could see the Web server is the origin of this log.