Kategoriearchive: syslog-ng

handle xt_recent from syslog-ng 2

The solution from Block outdated clients won´t work with syslog-ng 3.4.2, because syslog-ng syslog-ng uses “lseek()” to get the end of /proc/net/xt_recent/something while the program() destination just starts the program. Withe the destination file you get log-entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng[20351]: Error suspend timeout has elapsed, attempting to […]

Postfix / Postscreen – add IP to the firewall

Robert Schetterer´s post (Botnet-Angriffe mit rsyslog und iptables recent module abwehren) to immediately add a IP by rsyslog to the firewall when they were rejected by postscreen has led me to present my solution here for syslog-ng. I do not use a pipe, but contribute about syslog-ng the appropriate IP […]

syslog-ng OSE configurator 2

Under mitzkia.github.com/syslog-ng-ose-configurator you can find a configurator for syslog-ng. It still lacks a few syslog-ng features but otherwise this is a very round thing. I’m not quite sure if it’s worth an app for such a complex config. But for simple installations already very useful.

limit traffic on clamav-mirror 1

I´m running a mirror for clamav. Since some clients always download the main.cvd instead of diffs and that results in a traffic up to 150 MB per day for each client. So i searched for a solution, to reduce the current monthly traffic of ~2TB. Fortunately apache sends already the […]

pattern-database for syslog-ng

The pattern-db of syslog-ng is extremely convenient to divide individual messages or to highlight specific messages. As long as a message fits into a certain pattern, it can be marked with a tag that can then be used in the syslog-ng.conf. For example: <patterns> <pattern>Accepted publickey for @STRING:.sys.ssh.user@ from @IPv4:.sys.ssh.ip@ […]

view different logs with multitail at once

I’ve recently discovered multitail for me. This allows the view of different logfiles simultaneously in fixed places. Previously I have used tail -f /var/log/a.log /var/log/b.log This works well but you have to be extremely careful which log it has just changed. Multitail is much better for this task. An accurate […]

Apache anonymisieren

In the apache access.log all ip addresses are stored complete. This is neither necessary for statistcs nor it´s needed to store these data. IPv4 addresses can be quite simple anonymous, if the last part is changed. I.e. goes to The most statistic-tools can handle the data furthermore. As […]

ISPConfig – Apache-Logfiles and syslog 1

By default ISPConfig is using vlogger for writing apache-logs as file and to store some data to the database. I don´t like this way as it stores in a multi-server setup the logs only on each server. So if you´re already running a centralisied log-server, you will never get all […]