logs | Linuxaria

How to log the correct Ip having Varnish and Nginx

Jan 302013

When you run a webserver behind a reverse proxy or HTTP accelerator such as Varnish, the webserver access logs will display the IP of the proxy (generally 127.0.0.1) instead of the end user’s IP.
This is a problem when you have a software like webalizer, awstats or similar log file analysis program, because you lose one of the most important information: “Who is the requestor of a page ?”, also having all the access coming from the same IP (127.0.0.1) you lose information such as “what’s the browsing pattern of visitors ?” “Is someone trying to do something Nasty ?”

In this small how-to I’ll show how to put this information back on your Nginx log files in 2 different ways.

4 open source software to analyse big quantity of log files

Articles, Reviews No Responses »

Dec 022012

Logging is a critical thing for all system administrators, if you log too much and you don’t manage the files you could fill up a partition or even worst stop some service, if you don’t log enough you’ll lose information when something goes wrong, in general a good solution for this is to send all the logs to a central server that will store for the time you need them, and keep just 1,2 days of log into the local machine.

You could do this configuration easily with rsyslog or syslog-ng to send/receive the logs and logrotate to rotate the files locally on your machines, today I want to show you some open source programs that can receive the logs, store them on filesystem or database and analyse them presenting the results via Web dashboards.

These are large applications most suited for big company, or in general to everyone that want to keep and manage a lot of data they are: Apache Flume, Logstash, Greylog2 and Scribe

Add security to your ssh daemon with PAM module

Guides, Pills No Responses »

Nov 232012

In the past I’ve published some info to enhance the security of your ssh server such as 3 easy steps to strengthen your ssh server or how to use SSH for more secure browsing in public networks, today we’ll take a look at the PAM modules of GNU/Linux and in particular the module ssh and at some options that we can activate to strengthen our ssh server.

Protect your server with SSHGuard

11/01/2011
Protect your server with SSHGuard
Posted by Riccardo at 23:01
9 Responses
Guides, Reviews
Tagged with: daemon, fail2ban, firewall one, firewalling, iptables, linux, log message, logcheck, logs, networked service, security, sshguard, syslog

I’ve already talked about fail2ban and logcheck, 2 tools that can scan your logs and do actions, based on rules that you can give/modify, usually modify your iptables rules to stop active attacks against your server or simply send you a warning if some thing is found in the logs. Today we’ll see a similar […]