samhain supports the following facilities for logging:
e-mail — samhain uses built-in SMTP code, rather than an external mailer program. E-mails are signed to prevent forging.
syslog — The system logging utility.
console — If running as daemon, /dev/console is used, otherwise stderr. /dev/console can be replaced by other devices, including a FIFO.
log file — Entries are signed to provide tamper-resistance.
log server — samhain uses TCP/IP with strong authentication and signed and encrypted messages.
external — samhain can be configured to invoke external programs for logging and/or taking some action upon certain conditions.
SQL db — Currently samhain supports MySQL, PostgreSQL, Oracle, and unixODBC.
Prelude — samhain can be compiled with support for the Prelude IDS, i.e. it can be used as a Prelude sensor.
Each of these logging facilities has to be activated by setting an appropriate threshold on the messages to be logged by this facility.
Note: In addition, some of these facilities require proper settings in the configuration file (see next sections).