Kategoriearchive: syslog-ng

handle xt_recent from syslog-ng 2

The solution from Block outdated clients won´t work with syslog-ng 3.4.2, because syslog-ng syslog-ng uses “lseek()” to get the end of /proc/net/xt_recent/something while the program() destination just starts the program. Withe the destination file you get log-entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng[20351]: Error suspend timeout has elapsed, attempting to […]

syslog-ng OSE configurator 2

Under mitzkia.github.com/syslog-ng-ose-configurator you can find a configurator for syslog-ng. It still lacks a few syslog-ng features but otherwise this is a very round thing. I’m not quite sure if it’s worth an app for such a complex config. But for simple installations already very useful.

pattern-database for syslog-ng

The pattern-db of syslog-ng is extremely convenient to divide individual messages or to highlight specific messages. As long as a message fits into a certain pattern, it can be marked with a tag that can then be used in the syslog-ng.conf. For example: <patterns> <pattern>Accepted publickey for @STRING:.sys.ssh.user@ from @IPv4:.sys.ssh.ip@ […]

view different logs with multitail at once

I’ve recently discovered multitail for me. This allows the view of different logfiles simultaneously in fixed places. Previously I have used tail -f /var/log/a.log /var/log/b.log This works well but you have to be extremely careful which log it has just changed. Multitail is much better for this task. An accurate […]

Apache anonymisieren

In the apache access.log all ip addresses are stored complete. This is neither necessary for statistcs nor it´s needed to store these data. IPv4 addresses can be quite simple anonymous, if the last part is changed. I.e. goes to The most statistic-tools can handle the data furthermore. As […]

Block outdated clients 1

There can be problems with the destination file. A solution can be found in the post handle xt_recent from syslog-ng. Due to numerous connects of outdated clients on my clamav-mirror (> 300,000 / day), i add single IP temporarily to the firewall. Requirements: Apache HTTP-Server syslog-ng iptables Configure Apache HTTP-Server The Access […]

Apache without static content

Most log entries when using CMS you actually need and they do not prevent the view of the more essential. The whole can be relatively easily prevented by an entry in each vhost: SetEnvIf Request_URI “\ (txt | jpg | png | gif | ico | js | css | […]