monitor log activity

Discussion in 'Server Operation' started by blinky, Oct 23, 2012.

  1. blinky

    blinky Member

    Good morning,

    It's been a three or four week project but after much reading, much tinkering and much hair pulling I now seem to have a functional Ubuntu machine running Apache, VSFTP, Postfix/Dovecot (virtual domains and users), PostFix Admin, Roundcube Mail, and PHPBB. I'm pretty sure everything's working fine but, of course, there's likely much fine tuning to be done and it's all been a great learning experience. I am such a newbie to Linux/Ubuntu and trying to get my head around something as simple as permissions/groups/users was, itself, a bit of a learning curve.

    Anyways what I'm wondering is what the best way might be to "monitor" server activity. For the short term, I've just been opening various terminal windows and running the "tail -f /var/log/syslog" (or whatever other log files I want to monitor) and keeping an eye on what's going on in real-time.

    This works well however when the log files are maintained in their daily run my terminal tasks simply stop working. I can, of course, Ctrl-C and simply re-run the command and it's good for another day but I'd like something a bit more "hands-free".

    I installed Monit as well but it really doesn't give me the detailed information in real-time the way I'd like.

    Anyone have any ideas on this?

    (Oh, incidentally, leaving a terminal window open showing server activity has revealed some interesting information. Like, for instance, a brute force four hour attempted plain text mail login session with countless user names and password combinations so I can see some benefits to having terminal windows open to monitor server activity.)

    Thanking you in advance.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You might want to install fail2ban to block such attacks automatically.
  3. blinky

    blinky Member

    I shall take a look at that and see how difficult it might be to integrate into the existing configuration. For the time being, I merely blocked the IP address from which that attack originated.

    But being able to monitor server activity in real-time (especially in an extremely low-volume setting like this) would help to identify problems one might otherwise not be aware of.

    Thanks for the recommendation and I'll definitely look into it.
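
As an added example (not code posted by anyone in this thread), the following Python follows a log file across logrotate's rename or truncate, which is the point where the `tail -f` sessions described in the first post stop, and reports any IP that reaches a threshold of failed mail logins. The regexes, the sample lines and the names `failed_ip`, `follow` and `alerts` are assumptions made for illustration.

```python
import os, re, time
from collections import Counter

# Failed-login formats assumed from typical Postfix/Dovecot syslog output.
FAILED = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S*\[(?P<a>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed"
    r"|dovecot: .*auth failed.*\brip=(?P<b>[0-9a-fA-F.:]+)")
# Constructed sample lines (documentation IP ranges), not from the thread.
SAMPLE = [
    "Oct 23 09:14:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure",
    "Oct 23 09:14:03 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10",
    "Oct 23 09:14:05 mail postfix/smtpd[2101]: connect from unknown[198.51.100.4]",
]

def failed_ip(line):  # client IP of a failed mail login, or None
    m = FAILED.search(line)
    return (m.group("a") or m.group("b")) if m else None

def follow(path, poll=1.0, max_idle=None, from_start=False):
    """Yield lines from path, reopening it when logrotate renames or truncates it."""
    f = open(path, "rb")                        # binary: tell() is a byte offset
    f.seek(0, os.SEEK_SET if from_start else os.SEEK_END)  # default: new lines only
    idle = 0
    while max_idle is None or idle < max_idle:  # max_idle=None: run forever
        line = f.readline()
        if line:                                # drain the current file first
            idle = 0
            yield line.decode("utf-8", "replace")
            continue
        try:
            st = os.stat(path)
            rotated = st.st_ino != os.fstat(f.fileno()).st_ino or st.st_size < f.tell()
        except FileNotFoundError:               # renamed, not yet re-created
            rotated = False
        if rotated:
            f.close()
            f = open(path, "rb")                # new file: read from the top
            continue
        idle += 1
        time.sleep(poll)
    f.close()

def alerts(lines, threshold=5):
    """Yield each IP once, when it reaches `threshold` failed logins."""
    seen = Counter()
    for ip in filter(None, map(failed_ip, lines)):
        seen[ip] += 1
        if seen[ip] == threshold:
            yield ip
```

Iterating `alerts(follow("/var/log/syslog"))` watches the file from the first post continuously. GNU `tail -F` follows a file by name in the same way, and fail2ban, suggested above, adds a time window and the actual blocking.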
