rsyslog, is there a way to see the facility codes of messages received?

I have a Cisco FTD sending logs tagged with local3(19); however, I am still seeing some messages ending up in my users.log instead of where I have them configured to be sent. Is that where they would end up if untagged? Or is there a way to verify they are being tagged with ‘user’ or facility code 1? I do not have user commented out in my rsyslog.conf.

Author: Security_Pete
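One way to see which facility each message actually arrives with, added here as an example and not part of the original post: the script below decodes the <PRI> header of raw syslog lines (PRI = facility * 8 + severity, so local3 messages carry PRI 152 to 159 and user messages PRI 8 to 15) and counts the facilities seen; the sample lines and the host name ftd01 are constructed. Inside rsyslog the same values are exposed as the %syslogfacility% and %syslogfacility-text% template properties, and a message that arrives with no valid <PRI> header is treated as PRI 13, i.e. user.notice (RFC 3164, section 4.3.3), which is exactly what a user.* rule files into user.log.

```python
import re
from collections import Counter

# Syslog facility and severity names by number (RFC 5424, section 6.2.1).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The <PRI> header is the first thing on the wire: "<155>..." means PRI 155.
PRI_RE = re.compile(r"^<(\d{1,3})>")

# RFC 3164 section 4.3.3: a message without a valid PRI is treated as <13>, user.notice.
DEFAULT_PRI = 13


def decode_pri(pri):
    """Split a PRI value into (facility, severity): PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def parse_line(line):
    """Return facility/severity details for one raw syslog line as received on the socket."""
    m = PRI_RE.match(line)
    pri = int(m.group(1)) if m and int(m.group(1)) <= 191 else DEFAULT_PRI
    facility, severity = decode_pri(pri)
    return {
        "pri": pri,
        "facility": facility,
        "facility_name": FACILITIES[facility],
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "untagged": m is None,  # no PRI header at all: rsyslog files it as user.notice
    }


def facility_summary(lines):
    """Count the facility of every line, so a stray 'user' message stands out."""
    return Counter(parse_line(line)["facility_name"] for line in lines)


# Constructed sample: two messages tagged local3 (PRI 155 = local3.err, 158 = local3.info),
# one tagged user.info (PRI 14) and one with no PRI header at all.
SAMPLE = [
    "<155>Jan  1 12:00:00 ftd01 deny inbound tcp from 203.0.113.5 (constructed)",
    "<158>Jan  1 12:00:01 ftd01 built inbound tcp connection (constructed)",
    "<14>Jan  1 12:00:02 ftd01 message sent with facility user (constructed)",
    "Jan  1 12:00:03 ftd01 message with no PRI header at all (constructed)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        info = parse_line(line)
        print(f"{info['facility_name']}.{info['severity_name']:<8} pri={info['pri']:<3} {line}")
    print(facility_summary(SAMPLE))
```

Feed it the raw lines as they arrive on the socket (for example from a packet capture of the syslog port), not lines already written by rsyslog, because rsyslog strips the <PRI> header before writing to a file.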

PowerShell – include Get-Date in .log file inside the Add-Content Cmdlet

I’ve made a small PowerShell script which deletes all files and folders except specific ones.
The script itself works pretty well, but I have a lot of trouble getting the logging to work. I’m currently on a good way with the Add-Content Cmdlet, which works well. The only thing I now want to include is a small Get-Date Cmdlet inside the Add-Content which also includes the current time in the log when the specific file/folder was deleted. But I just can’t get it to work properly. Can someone help me?

Here is what I got so far:

Get-ChildItem -Path 'C:sample*notesdata' -Recurse -exclude names.nsf |
Select -ExpandProperty FullName |
Where {$_ -notlike 'C:sample*notesdataRoaming*'} |
Where {$_ -notlike 'C:sample*notesdataArchive*'} |
sort length -Descending |
Remove-Item -force -Recurse -Verbose 4>&1 | Add-Content -Path .ergebnis.log, .ergebnis2.log -Value (Get-Date)

The file “names.nsf” and the folders “Roaming”, “Archive” will not get deleted.

Thanks for your help 🙂

Author: Valle

DNS DDOS Attack – would like to understand log

As part of a DDOS attack (largely ineffectual) I am currently seeing log messages of the form:

<DATE> client <EXTERNAL-IP>#3074 (<NAME>): query: <SAME-NAME> IN RRSIG + (<ONE-OF-MY-IPs>)

My reading of the DNS log suggests that this is a query coming from <EXTERNAL-IP>, with the result to be sent to <ONE-OF-MY-IPs>. Is that correct?

We are running an older BIND, soon to be upgraded, but I was hoping to understand what this query is actually doing (many are sent).

Edit: Also, it would be nice to know how they are able to structure it to send the result to another IP.

Author: RabidMutant