[rsyslog-notify] Forum Thread: Re: demolish the syslog system - (Mode 'reply')

noreply at adiscon.com
Tue Dec 1 10:04:54 CET 2015


User: venember 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26212#p26212

Message: 
----------
I am trying to defend my machine and system from the massive brute-force
attacks on the open net. It is a legacy system with yearly updates (always
with lots of errors), more than 10 years old.

For this, I need system logs.

SuSE completely rebuilt the logging and security system, so I have lost
my logs and more than half of my defending facilities. They do not test
enough and do not care about legacy systems... they build a new one instead...

I do not want to UNDERSTAND the logging system; I purely want to USE it.

syslog-ng and rsyslog are not compatible with each other, but I switched
between them for tests.

The first thing I want is to SEE the log records.

I ran tests lasting one week. I read the documentation. I experimented
with different setups. The result is a half-working log system with totally
different log records (mail and fail2ban are running but not logging yet),
so I can hardly manage it.
This situation is most dangerous, and I do not know what the SUSE developers
think: will everybody use a commercial logging, audit, policy, security and
logging system, which is basically developed for big commercial firms?

If you want to look into my machine, I will let you see it. Or forget it.
My opinion is that a WORKING logging system is FUNDAMENTAL for every
operating system. And not by the users. And an upgrade should not be
allowed without it.
