I used to keep an IP list to block traffic to/from particular IPs in my router. I would add IPs to the list as I noticed them in the logs (mostly bots trying to guess my root password. And yes, root login is disabled).

This is not a sustainable model.

I needed to do two things:

  1. remove the human from having to check logs
  2. remove the human from having to update the IP list

Enter Graylog. I am now shipping all of my syslogs (and Apache via syslog) to my Graylog server.

(more to come)

Page last modified on September 03, 2016