Real-time log inspection

Inspector General

The End Is Nigh

As you have seen, Teler is a highly useful addition to any security toolbox. If you want to experiment with real-time log scanning – as opposed to reading from saved logfiles – then the docs point you to stdbuf [8], which is a command to pull in data in a stream:

$ tail -f access.log | stdbuf -oL cut -d aq aq -f1 | uniq

With the tail command, it is possible to format the entries into a useful layout that scripts and other applications can use.

I will be keeping an eye on Teler as new features and supported formats are developed in later versions.

Infos

Logwatch: https://www.admin-magazine.com/Archive/2015/25/Lean-on-Logwatch
Teler: https://github.com/kitabisa/teler
Teler release page: https://github.com/kitabisa/teler/releases
Docker Engine: https://docs.docker.com/engine/install
Teler config example: https://github.com/kitabisa/teler/blob/master/teler.example.yaml
Common log format: https://en.wikipedia.org/wiki/Common_Log_Format
Teler resource collections: https://github.com/kitabisa/teler-resources
stdbuf: https://linux.die.net/man/1/stdbuf

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.

« Previous 1 2