
Thread: Logging

  1. #1

    Hi y'all:

    What logging tools/methods do you recommend for the system that you are attacking from?

    Aside from exporting the command history from all terminals, tcpdumps, piping STDOUT, etc., does anybody save syslog data?

    I want to ensure that I am saving the relevant stuff, but not overdoing it.

  2. #2

    You seem to have the basics covered. For due diligence, I script all terminal windows and also stamp them at the beginning with date/time and IP address. The logs are written to a log directory with a projectname-dtg so I can refer back to it. I run tcpdump and write that to the same directory as the logs, with the same projectname-dtg and with a .pcap extension.

    Legally and for your own analysis, that should be sufficient.

    If you do a lot of work via GUI/web interface, you may want to use a keylogger as well, so that information is captured as well.

    Good Luck...
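
The routine described in reply #2 (stamped terminal logs plus a packet capture sharing one projectname-dtg base name), as an added example that is not part of the original thread. The `LOG_ROOT` location, the function names, the UTC format chosen for the dtg, and the closing checksum file are assumptions of this example; it relies on util-linux `script`, `tcpdump`, and `sha256sum` being installed.

```shell
#!/bin/sh
# Added example (not from the thread): per-engagement session logging.
# Assumed names: LOG_ROOT, the function names, and the UTC dtg format.

LOG_ROOT="${LOG_ROOT:-$HOME/engagement-logs}"

# Date-time group (dtg) in UTC, e.g. 20240131T142501Z
dtg() { date -u +%Y%m%dT%H%M%SZ; }

# Shared base path for the terminal log and the capture: <root>/<project>-<dtg>
session_base() {   # $1 = project name, $2 = dtg
    printf '%s/%s-%s' "$LOG_ROOT" "$1" "$2"
}

# Addresses of the testing host; "unknown" if hostname -I is unavailable
local_ips() { hostname -I 2>/dev/null || echo unknown; }

# Stamp the top of a log with date/time, host and source addresses
write_stamp() {    # $1 = log file
    {
        echo "### session start: $(date -u '+%Y-%m-%d %H:%M:%S UTC')"
        echo "### host: $(uname -n) ip: $(local_ips)"
        echo "### operator: $(id -un)"
    } >> "$1"
}

# Record one terminal plus a packet capture until the recorded shell exits
start_session() {  # $1 = project name, $2 = capture interface
    umask 077                                     # logs can hold credentials
    mkdir -p "$LOG_ROOT"
    base=$(session_base "$1" "$(dtg)")
    write_stamp "$base.log"
    tcpdump -i "$2" -w "$base.pcap" 2>/dev/null & # needs capture privileges
    cap_pid=$!
    script -q -a -f "$base.log"                   # append to stamped log, flush each write
    kill "$cap_pid" 2>/dev/null
    wait "$cap_pid" 2>/dev/null || true
    sha256sum "$base.log" "$base.pcap" > "$base.sha256"  # integrity record
}

# Usage: sh session-log.sh start <project> <interface>
if [ "${1:-}" = "start" ]; then
    start_session "$2" "$3"
fi
```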
