Tag archive: syslog-ng


handle xt_recent from syslog-ng

The solution from Block outdated clients won't work with syslog-ng 3.4.2, because syslog-ng uses "lseek()" to get the end of /proc/net/xt_recent/something while the program() destination just starts the program. With the destination file you get log entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng[20351]: Error suspend timeout has elapsed, attempting to […]


syslog-ng OSE configurator

At mitzkia.github.com/syslog-ng-ose-configurator you can find a configurator for syslog-ng. It still lacks a few syslog-ng features, but otherwise it is a well-rounded tool. I'm not quite sure if an app is worth it for such a complex config, but for simple installations it is already very useful.


pattern-database for syslog-ng

The pattern-db of syslog-ng is extremely convenient for breaking down individual messages or highlighting specific ones. As long as a message fits a certain pattern, it can be marked with a tag that can then be used in syslog-ng.conf. For example: <patterns> <pattern>Accepted publickey for @STRING:.sys.ssh.user@ from @IPv4:.sys.ssh.ip@ […]


view different logs with multitail at once

I've recently discovered multitail. It lets you view different logfiles simultaneously in fixed positions. Previously I used tail -f /var/log/a.log /var/log/b.log. This works well, but you have to pay close attention to which log has just changed. Multitail is much better for this task. An accurate […]


Anonymize Apache

In the Apache access.log, all IP addresses are stored in full. This is neither necessary for statistics, nor is there any need to store this data. IPv4 addresses can be anonymized quite simply by changing the last part, e.g. 176.9.33.188 becomes 176.9.33.0. Most statistics tools can still handle the data. As […]


Block outdated clients

There can be problems with the destination file. A solution can be found in the post handle xt_recent from syslog-ng. Because of numerous connections from outdated clients to my clamav mirror (> 300,000 / day), I temporarily add individual IPs to the firewall. Requirements: Apache HTTP-Server, syslog-ng, iptables. Configure Apache HTTP-Server: The Access […]