HIDS 1006

From Atomicorp Wiki
Jump to: navigation, search

Example log message:

server syslogd 1.4.1: restart.

Explanation:

This means the syslogd system has been restarted. The system servers as the main logging system for the OS. It may be periodically restarted when logs or rotated, or if its software is updated. It may also be restarted via unauthorized activity, such as if the logging system was deactivated to hide actions and then restarted later.

Logs should be audited to see if the syslog system was disabled at any point. The HIDS 1004 and HIDS 1104 events will log if the syslogd system is specifically shut down (as opposed to restarted).

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_1006&oldid=2015"
Personal tools