HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


blinky 23rd October 2012 14:26

monitor log activity
 
Good morning,

It's been a three or four week project but after much reading, much tinkering and much hair pulling I now seem to have a functional Ubuntu machine running Apache, VSFTP, Postfix/Dovecot (virtual domains and users), PostFix Admin, Roundcube Mail, and PHPBB. I'm pretty sure everything's working fine but, of course, there's likely much fine tuning to be done and it's all been a great learning experience. I am such a newbie to Linux/Ubuntu and trying to get my head around something as simple as permissions/groups/users was, itself, a bit of a learning curve.

Anyways, what I'm wondering is what the best way might be to "monitor" server activity. For the short term, I've just been opening various terminal windows and running the "tail -f /var/log/syslog" (or whatever other log files I want to monitor) and keeping an eye on what's going on in real-time.

This works well; however, when the log files are maintained in their daily run, my terminal tasks simply stop working. I can, of course, Ctrl-C and simply re-run the command and it's good for another day but I'd like something a bit more "hands-free".

I installed Monit as well but it really doesn't give me the detailed information in real-time the way I'd like.

Anyone have any ideas on this?

(Oh, incidentally, leaving a terminal window open showing server activity has revealed some interesting information. Like, for instance, a brute force four hour attempted plain text mail login session with countless user names and password combinations so I can see some benefits to having terminal windows open to monitor server activity.)

Thanking you in advance.

till 23rd October 2012 14:36

Quote:

(Oh, incidentally, leaving a terminal window open showing server activity has revealed some interesting information. Like, for instance, a brute force four hour attempted plain text mail login session with countless user names and password combinations so I can see some benefits to having terminal windows open to monitor server activity.)
You might want to install fail2ban to block such attacks automatically.

blinky 23rd October 2012 14:52

Quote:

Originally Posted by till (Post 287191)
You might want to install fail2ban to block such attacks automatically.

I shall take a look at that and see how difficult it might be to integrate into the existing configuration. For the time being, I merely blocked the IP address from which that attack originated.

But being able to monitor server activity in real-time (especially in an extremely low-volume setting like this) would help to identify problems one might otherwise not be aware of.

Thanks for the recommendation and I'll definitely look into it.
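
An added example, not part of the original thread: `tail -f` keeps reading the old file after the daily rotation renames it, which is why the terminals in the first post go quiet (GNU `tail -F` follows the file name instead). The sketch below does the same in Python by comparing the inode behind the name on each poll; the class name `LogFollower` and the one-second poll interval are assumptions made for the example, and `/var/log/syslog` is the path from the first post.

```python
import os, sys, time

class LogFollower:
    """Follow a log by name, surviving logrotate's rename/create and copytruncate."""

    def __init__(self, path):
        self.path, self.fh, self.inode = path, None, None
        self._open(seek_end=True)          # start at the end, like tail -f

    def _open(self, seek_end):
        try:
            self.fh = open(self.path, "rb")
        except FileNotFoundError:          # mid-rotation: new file not created yet
            self.fh = self.inode = None
            return
        self.inode = os.fstat(self.fh.fileno()).st_ino
        if seek_end:
            self.fh.seek(0, os.SEEK_END)

    def _drain(self):
        out = []
        while self.fh:
            pos = self.fh.tell()
            line = self.fh.readline()
            if not line.endswith(b"\n"):   # EOF or half-written line: retry later
                self.fh.seek(pos)
                break
            out.append(line.rstrip(b"\r\n").decode("utf-8", "replace"))
        return out

    def poll(self):
        """Return the complete lines written since the previous call."""
        lines = self._drain()              # finish the old file before switching
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return lines
        if self.fh is None or st.st_ino != self.inode:
            if self.fh:
                self.fh.close()
            self._open(seek_end=False)     # rotated: read the new file from the top
            lines += self._drain()
        elif st.st_size < self.fh.tell():  # copytruncate: file shrank in place
            self.fh.seek(0)
            lines += self._drain()
        return lines

if __name__ == "__main__":
    follower = LogFollower(sys.argv[1] if len(sys.argv) > 1 else "/var/log/syslog")
    while True:
        for entry in follower.poll():
            print(entry, flush=True)
        time.sleep(1)
```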

