Tracking SSH Brute-force Logins with Splunk

If you manage servers with OpenSSH access, you have no doubt been subject to the barrage of SSH brute-force attempts that occurs across the internet. Some administrators deal with this by changing the default port (security by obscurity), using public keys, threshold blocking, or white-listing source IP addresses, among other things. AWS has security …

Raspberry Pi Centralized Log Server

Setting up a Pi to be a centralized log store is amazingly simple. If you are using Raspbian, it comes with rsyslog installed by default, so all that’s left is to set up the config and tailor log rotation. First you should create a directory under /var/log for all the remote logs. sudo mkdir /var/log/central Then edit the …