Every day I receive an email from my server summarizing what has been logged for the day. From time to time (but really rarely) there is no break-in attempt on my web server. The eternal question is:
- Is it that on this day, no vile cracker, no young script kiddie, no spammer has found my blog server?
- Is it that one of them succeeded, and afterward cleaned up any trace of the break-in attempt?
What kind of log analysers would you recommend? I'm mostly using Debian squeeze. There seem to be quite a few packaged, but what are people using and why? Mostly I'm running Apache, SQL, etc., but it would be neat if auth logs etc. were included too.
I use Logwatch as a log analyzer. It mails me every day what happened on my server.
I needed a howto to make it look at lighttpd (as I'm not using Apache), but it was easy to do.
The only thing obviously lacking in my log analyzer is something to tell me there is a comment pending moderation... Sorry for the delay.