08Dec2004 (UTC -8) On Wed, 8 Dec 2004 07:56:02 +0800, Philip Villamin <[EMAIL PROTECTED]> wrote: > Our server got unstable last night and had to be rebooted. I am interested > to know what transpired in the server before it went down. How can I check > for spamming, server overload, brute attack ? What log files can I check ? > What other records to check so we will know the cause? Your tips and advice > are deeply appreciated.
Philip, the log files in /var can pretty much give you very significant clues on what really happened. However, before you go poking around and stuff, I strongly suggest that you make a backup of everything on the disk(s) first. This is so that you don't accidentally change anything and later confuse/contradict yourself. Imaging the disk(s) is a better idea. Drexx Laggui Principal Consultant, Information Security Metro Manila, Philippines http://www.laggui.com (work) http://www.pbase.com/drexx (play) -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
