Server :: Disabling Syslog Compression?
Dec 3, 2010
I'm installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack. For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP. Here's an example:
Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
[code].....
May 11, 2011
Trying to figure out why the following two are treated differently...
Code:
*.warn;
kern.!=debug;auth.none;
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
and
[Code]....
According to man syslog.conf "You can specify multiple facilities with the same priority pattern in one statement using the comma (``,'') operator. You may specify as much facilities as you want. Remember that only the facility part from such a statement is taken, a priority part would be skipped."
Can someone confirm that this statement means that kern.!=debug is ignored in the first part because its priority is not the same as the trailing facilities ending in .none?
Dec 11, 2010
I am looking for an open source syslog server which accumulates each and every log of Windows, Solaris, Linux and network devices. Currently I am using Syslog-ng which is not fulfilling my requirement in Windows clients, as I need the logs of every action which the user performed after logon.
May 26, 2011
We have been using an Ultrium LTO-2 tape drive to perform backups of certain information from our file server. Recently, the data that we are backing up has grown too large to fit on the tapes in their 200GB uncompressed capacity. I have been looking around for a way to enable the compression in the drive, but I haven't found much. I am not using any backup software, so I'm not sure if I'll even be able to. I write the tape using a simple 'tar' command, so there aren't a whole lot of options to be set. Is there a way that I can enable the drive's compression, or would I be better off running the tar command with the gzip or bzip flags?
Mar 17, 2011
I have set up a nis slave server on Fedora 14. It was set up on a laptop so that the user can log in when he is at home (no NFS, local home dir). However, whenever the eth0 is disconnected, ypbind fails.
I have tried the same setup on a RHEL 4 (configured it as a slave server) against the same master nis as on the Fedora 14. Disabling eth0 on it however does not fail ypbind.
May 5, 2009
trying to replace syslog with syslog-ng. When I:
yum erase syslog,
wants to remove everything else that (presumably) has syslog as a dependency. how do I replace the dependency on syslog with a dependency on syslog-ng?
Mar 10, 2010
How to set up syslog server on Fedora 10 Linux server ?
Nov 14, 2010
I'm trying to get syslog-ng to log ssh stuff to its own file (later I want it to be forwarded to another server but that's a later problem).
The thing is that if I restart my syslog-ng server and login with ssh, it logs it. But when I login again it doesn't. But if I restart the syslog-ng daemon again it logs again, but only once.
Here is my config.
Code:
Oct 7, 2010
I noticed in my system that my root partition is getting full. I found a lot of old compacted syslogfiles. Had a look at etc/sysconfig editor eg cron but could not find a setting which allows to delete files older than a month. Where and how could I influence this ? I deleted manually all syslog files older than a month. Approx 6GB
Jun 1, 2011
I tried to install Syslog-ng-3.2.4 in Centos 5.6, when I need to start the daemon syslog-ng => Failure and I have this message:
Code:
[root@RelaisXXX etc]# service syslog-ng start
Starting syslog-ng: Your configuration file uses an obsoleted keyword, please up
Your configuration file uses an obsoleted keyword, please update your configurat
Error creating persistent state file; filename='/usr/local/var/syslog-ng.persist
Starting Kernel Logger [FAILED]:
Mar 10, 2011
I'm guessing it's possible but I can't seem to find any documentation on how to do this. I've tried playing with entries at the top of my syslog.conf file like:
*.* @172.20.10.1 # 1 server, works fine
*.* @172.20.10.1,172.20.20.11 # doesn't work
*.* @172.20.10.1 172.20.20.11 # nor this
*.* @172.20.10.1,@172.20.20.11 # nor this
*.* @172.20.10.1 @172.20.20.11 # nor this
Feb 8, 2011
What is the easiest way in Linux to convert syslog messages to XML?
Jan 11, 2009
I open "man vsftpd.conf", it says:
syslog_enable: If enabled, then any log output which would have gone to /var/log/vsftpd.log goes to the system log instead. Logging is done under the FTPD facility. Default: NO
So I add "syslog_enable=YES" to the /etc/vsftpd.conf, and add "ftpd.* /var/log/ftplog" into /etc/syslog.conf. But there is no log information in the ftplog file.
Nov 20, 2009
how to configure syslog server in centos?
Dec 9, 2009
I have the following BIND messages filling up my SysLog that I'm hoping someone can explain to me:
Code:
Dec 9 09:35:44 dns2 named[30103]: client 67.130.224.5#49551: query (cache) 'www.domain.com/A/IN' denied
Dec 9 09:35:47 dns2 named[30103]: client 67.130.224.5#64561: query (cache) 'www.domain.com/A/IN' denied
[code].....
I would expect this behavior if "domain.com and anotherdomain.com" wasn't a domain that I hosted. But this is a valid domain that this server should be answering for. In my named.conf I do have the
Quote:
allow-query { any; };
option on every zone. This is my slave server and I have the primary shut off so I can test this slave server. FYI: So far queries still seem to be working. The pages for the sites are still coming up via the internet.
Jan 17, 2011
configure syslog server on ubuntu now i want to export logs of windows and ubuntu desktop to the syslog server
May 12, 2009
Can syslog be used to "watch" other log-Files from other software? I would like to get an info in messages if a logfile of squid is changed/something is added.
May 20, 2010
In my system, I see two syslog configuration files, /etc/rsyslog.conf and /etc/syslog.conf. What is the use of each file? I know only that of /etc/syslog.conf... How about /etc/rsyslog.conf? What is its use?
Dec 16, 2009
We have several SLES, CentOS, Fedora servers and use logmail to filter the logs on our central syslog server. The problem is that the filtering takes more and more time and the configuration gets more and more confusing. What program to use to analyse our central logfile? Something mysql based?
Mar 18, 2010
I am currently using Syslog-NG to make the log files in the format of: $R_YEAR$R_MONTH$R_DAY$R_HOUR and I need to be a little more granular.
I am wondering if there is a way to divide the hour by 12, making a new log file every 5 minutes. We have been using LogRotate, but when Syslog-NG is restarted we have some data loss. Is this possible? Another solution I can think of would be to add $R_MINUTE (or whatever it is) and run a cron job every 5 minutes to concatenate the files.
Feb 16, 2011
I am facing an issue with my syslog server. The server is collecting remote logs also, and the issue is that no log messages are updated in the /var/log/messages file. But other files are getting updated.
[root@Server1 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
[code]....
Sep 13, 2010
Syslog stops writing immediately after log rotation, after I start the system (but not after reboot), and at some other times, into my fast cgi application's log. It starts working after /etc/init.d/sysklogd restart.
Configuration:
I am using Ubuntu 8.04 lts server, Apache web server.
My (fast cgi) application uses code...
Aug 23, 2010
I have a postfix mailserver that works fine except for the logrotate.
syslog.conf
mail.* -/var/log/mail.log
logrotate.conf
/var/log/mail.log {
[Code]....
So when cron does the logrotate, there is a new logfile but it's empty. After I restart the syslogd it gets back to its normal logging.
What am I missing? All this works with CentOS, why is Ubuntu such a pain...
Aug 7, 2011
I have a dual-processor x86 box with CentOS 5 Linux 2.6.18-238.19.1.el5, mysql Ver 14.12 Distrib 5.0.77, and tons of storage space. I want to run a syslog solution on this box for a SOHO infrastructure. We've got routers, switches, Windows servers, other Linux boxes, etc. I've looked at syslog-ng, but it seems rather overkill, but I like the idea of storing logs in a MySql database. Is there anything I can yum install?
Jun 6, 2011
I can't figure out how to prevent Zend Server starting at boot up. My temporary solution is to issue the following after boot-up:
Code:
sudo /usr/local/zend/bin/zendctl.sh stop
I'd like to:
1. Prevent it from starting during boot
2. Create two launcher icons to Start and Stop Zend Server
Jul 19, 2011
There are over a dozen servers that I need to monitor for services running on them. Hence, I have created a separate VM on which I am hosting scripts for various purposes. I have written a script (bash) that checks the status of the services running on those servers. Since my script has this line of command (for example):
Code:
/sbin/service vsftpd status
I have created a user (let's name it user_monitor) and added it to the /etc/sudoers file by issuing "visudo" on all the servers. Since I need to execute the command remotely from the VM, I have generated a Public RSA Key (ssh-keygen) and added it to the "authorized_keys" file on all the servers. But on some servers when I issue a command such as the following:
[Code]....
Sep 24, 2009
I'm running Ubuntu Desktop 9.10. How do I get it to forward its logs to a syslog server (its running on a different machine)?
Apr 19, 2011
How do clients handle offline syslog servers? Will the log files be buffered locally to be sent to the syslog server when it comes back online, or will any log data generated during downtime be lost in cyber space?
Apr 28, 2010
RHEL 5.4 i want to be able to do redistribution of inbound syslog messages to syslogd. as example, my syslog.conf has in it at the end:
*.* @192.168.5.5
*.* @192.168.5.6
my sysconfig/syslog file has "-r" as the only option for syslogd. any messages generated by the localhost will be sent to the two remote servers, but messages that come into this box (udp 514) only get logged locally and do not get sent out to the remote hosts.
you may ask why do i want to do this. because i have several syslog servers (for security purposes) and many of my net devices are configured to send syslog to all the syslog servers, hence each device is sending way too much duplicate udp-514. so i would like to minimize the udp-514 coming out of the devices, have all devices send to a central syslog server, and then central syslog server do distribution to the other syslog servers. others have also called this "syslog proxy". or, if not with syslogd, how to achieve this (preserving the original syslog message host info, etc)?
Jan 18, 2010
I am writing my own syslog collector, but I'm stuck with calculating the severity of the message. The PRI value is calculated:
Code:
(Facility * 8) + Severity
But from the context of a collector, neither Facility nor severity would be known? You need to know either severity or Facility to calculate facility or severity?! The RFC goes into no more detail about calculating the severity value, other than this expression.