Category archives: syslog-ng


handle xt_recent from syslog-ng

The solution from Block outdated clients won't work with syslog-ng 3.4.2, because syslog-ng uses “lseek()” to get the end of /proc/net/xt_recent/something, while the program() destination just starts the program. With the file destination you get log entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng[20351]: Error suspend timeout has elapsed, attempting to […]


syslog-ng OSE configurator

At mitzkia.github.com/syslog-ng-ose-configurator you can find a configurator for syslog-ng. It still lacks a few syslog-ng features, but otherwise it is a well-rounded tool. I'm not quite sure if it's worth an app for such a complex config. But for simple installations it is already very useful.


pattern-database for syslog-ng

The pattern-db of syslog-ng is extremely convenient for splitting up individual messages or highlighting specific ones. As long as a message fits a certain pattern, it can be marked with a tag that can then be used in syslog-ng.conf. For example: <patterns> <pattern>Accepted publickey for @STRING:.sys.ssh.user@ from @IPv4:.sys.ssh.ip@ […]


view different logs with multitail at once

I recently discovered multitail. It lets you view different log files simultaneously in fixed positions. Previously I used tail -f /var/log/a.log /var/log/b.log. This works well, but you have to pay close attention to which log has just changed. Multitail is much better for this task. An accurate […]


Anonymize Apache

The Apache access.log stores all IP addresses in full. This is not necessary for statistics, nor is there any need to store this data. IPv4 addresses can be anonymized quite simply by changing the last part, e.g. 176.9.33.188 becomes 176.9.33.0. Most statistics tools can still handle the data. As […]


Block outdated clients

There can be problems with the destination file. A solution can be found in the post handle xt_recent from syslog-ng. Due to numerous connects of outdated clients on my clamav-mirror (> 300,000 / day), I add single IPs temporarily to the firewall. Requirements: Apache HTTP-Server, syslog-ng, iptables. Configure Apache HTTP-Server: The Access […]


Apache without static content

When using a CMS, most log entries are not actually needed, and they obscure the more essential ones. All of this can be prevented relatively easily with an entry in each vhost: SetEnvIf Request_URI “\ (txt | jpg | png | gif | ico | js | css | […]