I used to keep an IP list to block traffic to/from particular IPs in my router. I would add IPs to the list as I noticed them in the logs (mostly bots trying to guess my root password. And yes, root login is disabled).
This is not a sustainable model.
I needed to do two things:
- remove the human from having to check logs
- remove the human from having to update the IP list
Enter Graylog. I am now shipping all of my syslogs (and Apache via syslog) to my Graylog server.
(more to come)