112
Chapter 11
This chapter shows you how to examine and configure log files, as well
as how to remove evidence of your activity and even disable logging alto
gether. First, we’ll look at the daemon that does the logging.
The rsyslog Logging Daemon
Linux
uses a daemon called
syslogd
to automatically log events on your com
puter. Several variations of
syslog
, including
rsyslog
and
syslog-ng
, are used
on different
distributions of Linux, and even though they operate very simi
larly, some minor differences exist. Since Kali Linux is built on Debian, and
Debian comes with
rsyslog
by default, we focus on that utility in this chap
ter. If you want
to use other distributions, it’s worth doing a little research
on their logging systems.
Let’s take a look at
rsyslog
on your system. We’ll
search for all files
related to
rsyslog
. First, open a terminal in Kali and enter the following:
kali >
locate rsyslog
/etc/rsyslog.conf
/etc/rsyslog.d
/etc/default/rsyslog
/etc/init.d/rsyslog
/etc/logcheck/ignore.d.server/rsyslog
/etc/logrotate.d/rsyslog
/etc/rc0.d/K04rsyslog
--
snip
--
As you can see, numerous files contain the keyword
rsyslog
—some of
which are more useful than others. The one we want to examine is the con
figuration file
rsyslog.conf.
