[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Log analyzer improvements, ticket #226



On Mon, 2007-11-26 at 08:42 -0600, Mike McGrath wrote:

> 2) would be more favored by me where possible.
> 

No problem. From todays' report a couple of things we can do:

1. remove all user failure reports. They don't do us any good and
they're always ssh bruteforce attacks. Denyhosts will do its thing, or
not, but we can't be told about them all the time.

2. weed out pretty much everything beginning with:
rsyncd - informational messages about rsync processes - not useful
puppetd - notices on what is or is not done - not useful, either
        - if we can turn off the syslog component of this and only have 
          this in the local puppet logs that'd be fine
ntpd - garbage noise - not useful for a log report 
git-daemon - do I really need to explain why we can nuke this?


3. all of these lines: 
crond[19403]: pam_unix(crond:session): session closed for user root 

iirc, there is a new login module which handles these

4. puppetmasterd* - these appear to be errors/warnings from
puppetmasterd - these need to be fixed.

pruning out the items in 2 alone will nuke the better part of this
logreport.

-sv



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]