[Linux-disciples] System Logs
Adam Rosi-Kessel
adam at rosi-kessel.org
Wed Mar 1 10:49:49 EST 2006
Jason Smith wrote:
> I have posted my logs here:
> www.pihp.com/syslog
> www.pihp.com/syslog.0
> www.pihp.com/syslog.1
> www.pihp.com/dmesg
Those links are apparently broken--did you make the files world readable?
Are they perhaps in a subdirectory?
> I also looked at my auth.log and noticed a myriad of "illegal user"
> attempts. Shouldn't I report the IP addresses or is that futile?
It's not worth reporting them. bostoncoop.net gets as several thousand of
those attempts per week. Here is the solution I use:
http://adam.rosi-kessel.org/weblog/free_software/code/ssh_login_blocker.html
> Is it possible to get my logs sent to me daily/weekly or some such?
Yes, there are several ways to do that. We use logcheck
<http://logcheck.alioth.debian.org/>. If you are using Debian, it is a
simple task to just install it and tell it where you want it to email logs.
The trick is filtering out stuff that is not interesting: if there is too
much, you won't be able to look through them. We have fairly fine-tuned
logcheck filter files on bostoncoop.net, which you are welcome to borrow, or
you can use the defaults that come with logcheck.
There is also logwatch, <http://www.logwatch.org/>, that performs a similar
task in a slightly different way. We also use logwatch. logwatch gives us a
daily summary, while logcheck emails us as events occur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20060301/ee4c2f49/signature.pgp
More information about the Linux-disciples
mailing list