There is no better feeling than being pleasantly surprised by the application you develop. This is what happened to me this Monday morning.
First, let me explain a few things about our network.
- We have about 17 OpenBSD servers for internal use. They serve as firewalls, web servers, file servers, DNS servers, mail servers, database servers, CVS servers, etc.
- We have 2 Linux servers (a PBX and a customer system that usually produces logs once a day).
- Our logs are managed by a single server running MySQL, syslog-ng and Echofish.
- We don't have a high volume of syslog messages: between 6,000 and 8,000 entries a day, occasionally 10,000, depending on the day.
Having said that, Echofish greeted me with 17,775 log messages produced over the weekend. With a medium-sized whitelist, however, these were trimmed down to 4,241 messages (about 42 pages in Echofish).
So at about 9:08 I started "acknowledge"-ing my way through them: spam, IMAP connections, a brute-force attempt against our portal, a proxy scanner, and at about 9:19 I was facing an empty screen. It was over in less than 10 painless minutes.
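As an added illustration (this is not Echofish's code and not part of the original post; the rule format, the constructed sample log lines and the "too broad" check are assumptions made for the example), here is the whitelist step in Python: known-benign noise is acknowledged by (program, message-pattern) rules, and everything unmatched, including lines that fail to parse, stays on screen. The second whitelist shows the failure mode to watch for: a catch-all rule for sshd would have silently hidden the brute-force attempt.

```python
import re
from collections import Counter

# Constructed sample lines in classic BSD syslog format (not real logs).
SAMPLE_LOGS = [
    "Mar  3 02:14:01 fw1 pf: rule 12/(match) pass in on em0: 10.0.0.5 > 10.0.0.1: udp",
    "Mar  3 02:14:03 mail1 spamd[4121]: 198.51.100.7: disconnected after 30 seconds.",
    "Mar  3 02:15:10 mail1 imapd[2201]: Login: user=<alice>, method=PLAIN, rip=10.0.1.22",
    "Mar  3 02:15:11 mail1 imapd[2201]: Logout: user=<alice>, bytes=1024/2048",
    "Mar  3 02:16:40 web1 sshd[9001]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    "Mar  3 02:16:42 web1 sshd[9001]: Failed password for root from 203.0.113.9 port 51023 ssh2",
    "Mar  3 02:16:44 web1 sshd[9001]: Failed password for admin from 203.0.113.9 port 51024 ssh2",
    "Mar  3 02:20:00 web1 httpd: 203.0.113.55 - - \"GET http://example.org/ HTTP/1.1\" 403",
    "Mar  3 03:00:00 ns1 named[333]: zone example.org/IN: loaded serial 2024030301",
]

# Hypothetical rule format: (program regex, message regex). A rule acknowledges a
# message only when the program matches entirely and the message pattern is found.
NARROW_WHITELIST = [
    ("pf", r"^rule \d+/\(match\) pass "),
    ("spamd", r"disconnected after \d+ seconds"),
    ("imapd", r"^(Login|Logout): user=<[^>]+>"),
    ("named", r"^zone \S+: loaded serial \d+$"),
]

# The same list with one lazy rule added: everything sshd says is "acknowledged".
BROAD_WHITELIST = NARROW_WHITELIST + [("sshd", r".*")]

# "Mmm dd hh:mm:ss host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_syslog(line):
    """Split one BSD syslog line into its fields; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def apply_whitelist(lines, rules):
    """Return the parsed entries that no whitelist rule acknowledges."""
    compiled = [(re.compile(p), re.compile(m)) for p, m in rules]
    remaining = []
    for line in lines:
        entry = parse_syslog(line)
        if entry is None:
            # Never drop what we could not parse; show it so a human looks at it.
            remaining.append({"ts": None, "host": None, "prog": "<unparsed>",
                              "pid": None, "msg": line})
            continue
        if any(p.fullmatch(entry["prog"]) and m.search(entry["msg"])
               for p, m in compiled):
            continue
        remaining.append(entry)
    return remaining


def count_by_program(entries):
    """How many unacknowledged messages each program left behind."""
    return Counter(e["prog"] for e in entries)


def too_broad(rules):
    """Heuristic check: a message pattern that matches the empty string matches
    anything, so such a rule acknowledges a whole program blindly."""
    return [(p, m) for p, m in rules if re.match(m, "") is not None]


if __name__ == "__main__":
    for name, rules in (("narrow", NARROW_WHITELIST), ("broad", BROAD_WHITELIST)):
        left = apply_whitelist(SAMPLE_LOGS, rules)
        print(f"{name}: {len(SAMPLE_LOGS)} -> {len(left)} messages left "
              f"{dict(count_by_program(left))}")
        for p, m in too_broad(rules):
            print(f"  warning: rule ({p!r}, {m!r}) acknowledges everything from {p}")
```

With the narrow list the nine constructed lines shrink to four, all of them worth a look (three failed root/admin logins and a 403 from a proxy probe); with the broad list only the 403 survives and the brute-force attempt is gone, which is exactly the kind of rule the `too_broad` check is there to flag before it reaches production.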
This is one of the reasons Echofish is an integral part of our daily network operations and monitoring.
I hope you enjoyed the read. Have a nice week,