Jan 302013
 

When you run a webserver behind a reverse proxy or HTTP accelerator such as Varnish, the webserver access logs will display the IP of the proxy (generally 127.0.0.1) instead of the end user’s IP.
This is a problem when you have a software like webalizer, awstats or similar log file analysis program, because you lose one of the most important information: “Who is the requestor of a page ?”, also having all the access coming from the same IP (127.0.0.1) you lose information such as “what’s the browsing pattern of visitors ?” “Is someone trying to do something Nasty ?”

In this small how-to I’ll show how to put this information back on your Nginx log files in 2 different ways.

Continue reading »

flattr this!

Dec 022012
 

Logging is a critical thing for all system administrators, if you log too much and you don’t manage the files you could fill up a partition or even worst stop some service, if you don’t log enough you’ll lose information when something goes wrong, in general a good solution for this is to send all the logs to a central server that will store for the time you need them, and keep just 1,2 days of log into the local machine.

You could do this configuration easily with rsyslog or syslog-ng to send/receive the logs and logrotate to rotate the files locally on your machines, today I want to show you some open source programs that can receive the logs, store them on filesystem or database and analyse them presenting the results via Web dashboards.

These are large applications most suited for big company, or in general to everyone that want to keep and manage a lot of data they are: Apache Flume, Logstash, Greylog2 and Scribe

Continue reading »

flattr this!

Nov 232012
 

In the past I’ve published some info to enhance the security of your ssh server such as 3 easy steps to strengthen your ssh server or how to use SSH for more secure browsing in public networks, today we’ll take a look at the PAM modules of GNU/Linux and in particular the module ssh and at some options that we can activate to strengthen our ssh server.

Continue reading »

flattr this!

Protect your server with SSHGuard

Protect your server with SSHGuard

I’ve already talked about fail2ban and logcheck, 2 tools that can scan your logs and do actions, based on rules that you can give/modify, usually modify your iptables rules to stop active attacks against your server or simply send you a warning if some thing is found in the logs. Today we’ll see a similar […]