The solution from "Block outdated clients" won't work with syslog-ng 3.4.2, because syslog-ng uses “lseek()” to get the end of /proc/net/xt_recent/something, while the program() destination just starts the program. With the file destination you get log entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng: Error suspend timeout has elapsed, attempting to […]
Robert Schetterer's post (Botnet-Angriffe mit rsyslog und iptables recent module abwehren), on using rsyslog to immediately add an IP to the firewall when it was rejected by postscreen, has led me to present my solution for syslog-ng here. I do not use a pipe, but add the appropriate IP via syslog-ng […]
At mitzkia.github.com/syslog-ng-ose-configurator you can find a configurator for syslog-ng. It still lacks a few syslog-ng features, but otherwise it is a well-rounded tool. I’m not quite sure if it’s worth an app for such a complex config. But for simple installations it is already very useful.
I'm running a mirror for clamav. Some clients always download the main.cvd instead of diffs, which results in traffic of up to 150 MB per day for each client. So I searched for a solution to reduce the current monthly traffic of ~2TB. Fortunately, apache already sends the […]
The pattern-db of syslog-ng is extremely convenient for separating individual messages or highlighting specific ones. As long as a message fits a certain pattern, it can be marked with a tag that can then be used in the syslog-ng.conf. For example: <patterns> <pattern>Accepted publickey for @STRING:.sys.ssh.user@ from @IPv4:.sys.ssh.ip@ […]
I’ve recently discovered multitail. It lets you view different logfiles simultaneously in fixed places. Previously I used tail -f /var/log/a.log /var/log/b.log, which works well, but you have to pay close attention to which log has just changed. Multitail is much better for this task. An accurate […]
In the apache access.log all IP addresses are stored in full. This is not necessary for statistics, nor is there any need to store this data. IPv4 addresses can be anonymized quite simply by changing the last part. For example, 126.96.36.199 goes to 188.8.131.52. Most statistics tools can still handle the data. As […]
By default, ISPConfig uses vlogger to write the apache logs to files and to store some data in the database. I don't like this approach, as in a multi-server setup it stores the logs only on each individual server. So if you're already running a centralised log server, you will never get all […]