« Previous 1 2

Real-time log inspection

Inspector General

The End Is Nigh

As you have seen, Teler is a highly useful addition to any security toolbox. If you want to experiment with real-time log scanning – as opposed to reading from saved logfiles – then the docs point you to stdbuf [8], which is a command to pull in data in a stream:

$ tail -f access.log | stdbuf -oL cut -d aq aq -f1 | uniq

With the tail command, it is possible to format the entries into a useful layout that scripts and other applications can use.

I will be keeping an eye on Teler as new features and supported formats are developed in later versions.

Infos

  1. Logwatch: https://www.admin-magazine.com/Archive/2015/25/Lean-on-Logwatch
  2. Teler: https://github.com/kitabisa/teler
  3. Teler release page: https://github.com/kitabisa/teler/releases
  4. Docker Engine: https://docs.docker.com/engine/install
  5. Teler config example: https://github.com/kitabisa/teler/blob/master/teler.example.yaml
  6. Common log format: https://en.wikipedia.org/wiki/Common_Log_Format
  7. Teler resource collections: https://github.com/kitabisa/teler-resources
  8. stdbuf: https://linux.die.net/man/1/stdbuf

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.

« Previous 1 2

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus