Entries tagged sysadmin-logs

Some thoughts ..

28 September 2013 21:50

It has taken just over two weeks for blogspam to reject 1 million SPAM comments.

I'm not sure how paranoid I should be about false-positives now (I accept false-negatives easily enough).

Using node.js is pretty good for making toy servers, and on that basis here's another toy server:

This is a small server designed to accept HTTP POSTs containing a message as the payload; these are stored and later retrieved. Seems like a simple thing, right? Imagine how it is used:

root@server1:~# record-log Upgraded mysql

root@server2:~# record-log Tweaked /etc/sysctl.conf

root@server3:~# record-log Added user 'bob'
root@server3:~# record-log Added user 'steve'

Later:

root@server3:~# get-recent
1.2.3.4 2013-09-28T08:08:09.211Z
root:Added user 'bob'

1.2.3.4 2013-09-28T08:08:10.211Z
root:Added user 'steve'

In short, it makes it easy to record "activity" and later retrieve it. A host can only fetch the entries it stored, but if you've got access to the remote server then you can get all logs.

I suspect a more standard solution is to use syslog-ng and logger, or similar. But it is a cute hack, and I suspect if you've the discipline to record actions then this is actually reasonably useful.
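
An added example, not the post's own server code, of the per-host store described above, written for Node.js. The routes (POST / to store, GET / to fetch), the 4096-byte body cap and the LOG_PORT variable are assumptions; entries are keyed on the TCP peer address, which is what keeps one host from reading another's log.

```javascript
// Added example; the routes, MAX_BODY and LOG_PORT are assumptions, not the original design.
const MAX_BODY = 4096;        // assumed cap on a single log message, in bytes
const store = new Map();      // source IP -> [{ when, text }]

// Store one entry under the address the connection came from.
function record(ip, text, now = new Date()) {
  // Collapse newlines: each entry is rendered as "header line + message line",
  // so an embedded newline could forge a second entry in the output.
  const clean = String(text).replace(/[\r\n]+/g, ' ').trim();
  if (!clean) return false;
  if (!store.has(ip)) store.set(ip, []);
  store.get(ip).push({ when: now.toISOString(), text: clean });
  return true;
}

// Render the caller's own entries in the layout get-recent prints.
function recent(ip, count = 10) {
  return (store.get(ip) || []).slice(-count)
    .map(e => `${ip} ${e.when}\n${e.text}\n`).join('\n');
}

// HTTP handler: POST stores the body, GET returns only the caller's entries.
function handle(req, res) {
  // Trust the socket address only. X-Forwarded-For is client-supplied and
  // would let any host read or write under another host's address.
  const ip = req.socket.remoteAddress;
  if (req.method === 'GET') {
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    return res.end(recent(ip));
  }
  if (req.method !== 'POST') { res.writeHead(405); return res.end(); }
  const chunks = [];
  let size = 0;
  req.on('data', chunk => {
    size += chunk.length;
    if (size > MAX_BODY) { res.writeHead(413); res.end(); req.destroy(); return; }
    chunks.push(chunk);
  });
  req.on('end', () => {
    if (size > MAX_BODY) return;
    res.writeHead(record(ip, Buffer.concat(chunks).toString('utf8')) ? 201 : 400);
    res.end();
  });
}

// Listen only when LOG_PORT is set, e.g. LOG_PORT=8080 node server.js
if (process.env.LOG_PORT) {
  import('node:http').then(http => http.createServer(handle).listen(process.env.LOG_PORT));
}
```

If the server sits behind a reverse proxy, the peer address is the proxy's, so every client would share one log; the isolation only holds when hosts connect directly.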
