What is this "sort-of fail2ban" I talked about in my last post, you may ask? Simple...
I wanted some sort of syslog aggregation but found the popular software packages way too big and complicated (plus in one certain case: cumbersome to configure and poorly documented). Settled on a central syslogd instead.
Having the central syslog was nice, but "grep" was insufficient for more structured searches, so I wrote a small tool to feed it all into a PostgreSQL DB and a small command line client for querying the DB without having to write a full SQL query every time.
"Hm, when I feed it into the DB I could already extract the interesting parts and have a small and fast index for those?!". Done.
Having that, I can now do two things:
1) A single SELECT gets me an accumulated list of bad actor IPs that I can feed into "pf" periodically.
2) A VIEW and another single SELECT gets me an RSS feed of things I like to know about.
These two things were not planned at all when I started with the log aggregation, yet turned out to be incredibly handy.
The whole project has only about 900 lines of code (mostly Perl, some SQL, a tiny bit of Go).
Which self-made tools do you have?
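To make the two queries concrete, here is an added SQL sketch of the setup described above; it is not the author's code. It assumes a PostgreSQL table whose importer has already extracted the source address and an event kind from each syslog line, a hypothetical pf table name, and constructed sample rows with documentation-range addresses.

```sql
-- Added example, not the author's code. Assumes a PostgreSQL table in which the
-- importer has already extracted the interesting fields from each syslog line.
CREATE TABLE syslog_event (
    id        bigserial PRIMARY KEY,
    received  timestamptz NOT NULL DEFAULT now(),
    host      text NOT NULL,
    program   text NOT NULL,
    src_ip    inet,                 -- extracted by the importer, NULL if none
    kind      text NOT NULL,        -- e.g. 'auth_fail', 'auth_ok', 'pkg_update'
    message   text NOT NULL
);
-- The "small and fast index": only the extracted columns, not the raw text.
CREATE INDEX syslog_event_kind_ip_idx ON syslog_event (kind, src_ip, received);

-- Constructed sample rows (hypothetical hosts, documentation-range addresses).
INSERT INTO syslog_event (received, host, program, src_ip, kind, message) VALUES
  (now() - interval '10 minutes', 'gw1', 'sshd', '192.0.2.10',   'auth_fail',  'Failed password for root'),
  (now() - interval '9 minutes',  'gw1', 'sshd', '192.0.2.10',   'auth_fail',  'Failed password for root'),
  (now() - interval '8 minutes',  'www', 'sshd', '192.0.2.10',   'auth_fail',  'Invalid user admin'),
  (now() - interval '5 minutes',  'www', 'sshd', '198.51.100.7', 'auth_fail',  'Invalid user test'),
  (now() - interval '2 days',     'gw1', 'sshd', '198.51.100.7', 'auth_fail',  'Invalid user test'),
  (now() - interval '1 minute',   'gw1', 'sshd', '203.0.113.5',  'auth_ok',    'Accepted publickey for alice'),
  (now() - interval '3 minutes',  'gw1', 'pkg',  NULL,           'pkg_update', 'upgraded openssl');

-- 1) Accumulated bad-actor list for pf: addresses with at least 3 failed logins
--    across all hosts in the last 24 hours. A cron job writes the result to a
--    file and loads it with `pfctl -t badhosts -T replace -f <file>` (table name assumed).
SELECT src_ip
FROM   syslog_event
WHERE  kind = 'auth_fail'
  AND  received > now() - interval '24 hours'
GROUP  BY src_ip
HAVING count(*) >= 3
ORDER  BY src_ip;

-- 2) A VIEW of "things I like to know about"; an RSS generator SELECTs from it
--    with a LIMIT, one row per feed item.
CREATE VIEW interesting_events AS
SELECT id, received, host || ': ' || program AS title, message AS description
FROM   syslog_event
WHERE  kind IN ('auth_ok', 'pkg_update')
   OR  (kind = 'auth_fail' AND program <> 'sshd');

SELECT title, description FROM interesting_events ORDER BY received DESC LIMIT 20;
```

With the sample rows, the first query returns only 192.0.2.10: the other failing address has one recent failure and one older than the 24-hour window, so the window keeps stale entries from accumulating in the pf table.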