On 3/20/07, Steve Linabery <slinabery at worldcycling.com> wrote:
> Hi,
>
> I have a machine running CentOS 4.4. Pretty much a stock server install; I've done my usual checklist of things to turn off (isdn, portmap, nfs stuff, etc).
>
> Almost all the log files (including old rotated logs) in /var/log are empty or nearly empty.
>
> syslogd is running; 'logger teststring' produces an entry in /var/log/messages
>
> Upon system restart, there are a few lines in /var/log/messages, but nothing like what I'd expect. Remote logins are not being logged.
>
> My gut reaction to something like this is always "oh s***, it's been compromised", but I was wondering if anyone had any other possible explanations...

Hopefully you've been keeping your system updated so as to minimize
risks.  As to additional logging, you'll need to modify your
/etc/syslog.conf for what you want to log as well as the level of
verbosity.  I haven't looked into a CentOS syslog.conf file, but I
believe they turn down verbosity so as to keep logfiles from filling
up.

I believe it's authlog you want to enable to log remote users, but
don't recall offhand.
-- 
-Shawn

-Nemo me impune lacessit.  Ne Obliviscaris..
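
Added example, not part of the original thread: a small Python check of which files a sysklogd-style `/etc/syslog.conf` would send a message to. It shows how `logger teststring` (user.notice by default) can reach /var/log/messages while login records do not. The sample configuration is constructed in the style of a Red Hat default, the function names are hypothetical, and it assumes sshd logs to the `authpriv` facility.

```python
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample, written in the style of a Red Hat syslog.conf.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
"""
# The same file with the authpriv rule commented out (constructed).
QUIET_CONF = SAMPLE_CONF.replace("authpriv.*", "#authpriv.*")

def parse_rule(line):
    """Return (masks, action) for one rule line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    selectors, action = line.split(None, 1)
    masks = {f: set() for f in FACILITIES}  # facility -> priorities logged
    for sel in selectors.split(";"):        # later selectors override earlier ones
        facs, _, pri = sel.rpartition(".")
        negate = pri.startswith("!")
        pri = pri.lstrip("!")
        exact = pri.startswith("=")
        pri = ALIASES.get(pri.lstrip("="), pri.lstrip("="))
        if pri == "none":                   # "none" clears the facility
            levels, negate = set(PRIORITIES), not negate
        elif pri == "*":
            levels = set(PRIORITIES)
        elif exact:
            levels = {pri}
        else:                               # named priority and everything more severe
            levels = set(PRIORITIES[:PRIORITIES.index(pri) + 1])
        for f in (FACILITIES if facs == "*" else facs.split(",")):
            masks[f] = masks[f] - levels if negate else masks[f] | levels
    return masks, action.strip().lstrip("-")  # leading "-" only disables sync

def destinations(conf_text, facility, priority):
    """Actions that would receive a message with this facility and priority."""
    out = []
    for line in conf_text.splitlines():
        rule = parse_rule(line)
        if rule and priority in rule[0][facility]:
            out.append(rule[1])
    return out
```

Reading the real file into `destinations()` for `("authpriv", "info")` and getting an empty list means the configuration itself explains the missing login records.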