comparison README @ 104:f24388499e66
Update documentation.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 07 Sep 2009 01:49:05 +0300 |
parents | 075b2b626d17 |
children | 5786194984c5 |
comparison
103:df68cf1eaf39 | 104:f24388499e66 |
---|---|
3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> | 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> |
4 (C) Copyright 2009 Tecnic Software productions (TNSP) | 4 (C) Copyright 2009 Tecnic Software productions (TNSP) |
5 | 5 |
6 Distributed under the modified ("3-clause") BSD license. Please see | 6 Distributed under the modified ("3-clause") BSD license. Please see |
7 included file COPYING for more information. | 7 included file COPYING for more information. |
8 | |
9 | |
10 Homepage: http://www.tnsp.org/maltfilter.php | |
11 | |
8 | 12 |
9 About | 13 About |
10 ===== | 14 ===== |
11 Maltfilter is daemon script written in Perl, which continuously scans various | 15 Maltfilter is daemon script written in Perl, which continuously scans various |
12 system logfiles including auth.log, Apache style common logformat and error | 16 system logfiles including auth.log, Apache style common logformat and error |
52 It is also helpful to change the FILTER_MAX_AGE and GLOBAL_MAX_AGE | 56 It is also helpful to change the FILTER_MAX_AGE and GLOBAL_MAX_AGE |
53 configuration settings to smaller values, so that amount of data held | 57 configuration settings to smaller values, so that amount of data held |
54 in memory at once is smaller. | 58 in memory at once is smaller. |
55 | 59 |
56 | 60 |
57 Installation | 61 Manual installation |
58 ============ | 62 =================== |
59 Copy maltfilter script to /usr/sbin and set permissions | 63 1) Copy maltfilter script to /usr/sbin and set permissions |
60 | 64 |
61 $ cp maltfilter /usr/sbin/maltfilter | 65 $ cp maltfilter /usr/sbin/maltfilter |
62 $ chmod 755 /usr/sbin/maltfilter | 66 $ chmod 755 /usr/sbin/maltfilter |
63 $ chown root:root /usr/sbin/maltfilter | 67 $ chown root:root /usr/sbin/maltfilter |
64 | 68 |
65 Copy example configuration under /etc (you may not want to | 69 2) Copy example configuration under /etc (you may not want to have the |
66 to have the configuration readable to regular users, so below | 70 configuration readable to regular users, so below example sets mode |
67 example sets mode 600 to it.) | 71 0600 to it.) |
68 | 72 |
69 $ cp example.conf /etc/maltfilter.conf | 73 $ cp example.conf /etc/maltfilter.conf |
70 $ chmod 600 /etc/maltfilter.conf | 74 $ chmod 600 /etc/maltfilter.conf |
71 $ chown root:root /etc/maltfilter.conf | 75 $ chown root:root /etc/maltfilter.conf |
72 | 76 |
77 3) Additionally you can set up the provided Debian style init script | |
78 for starting Maltfilter at boot. You may need to edit the script, | |
79 if you didn't install the configuration and maltfilter script to | |
80 paths described above. | |
73 | 81 |
74 Optional | 82 $ cp example.init /etc/init.d/maltfilter |
75 ======== | 83 $ chmod 755 /etc/init.d/maltfilter |
76 Additionally you can set up the provided Debian style init script: | 84 $ chown root:root /etc/init.d/maltfilter |
77 | 85 |
78 $ cp example.init /etc/init.d/maltfilter | 86 After that you should run rcconf(8) or chkconfig(8) or similar SysV |
79 $ chmod 755 /etc/init.d/maltfilter | 87 runlevel configuration utility to enable the script on desired |
80 $ chown root:root /etc/init.d/maltfilter | 88 runlevels. |
81 | 89 |
82 You need to edit the script, if you didn't install the configuration | 90 4) You will also most likely want to set up Maltfilter to be SIGHUP'd/ |
83 and maltfilter to paths described in installation section. | 91 restarted when logfiles are rotated via logrotate (because Maltfilter |
92 does not automatically notice if logfiles are switched while it is | |
93 running). | |
84 | 94 |
85 Also a simple example HTML CSS stylesheet is provided for your convenience. | 95 There are several ways this can be done, most of which are distribution |
96 specific. If you are using Debian-based distribution or something close | |
97 enough, you can try following: | |
98 | |
99 a) Use the included 'logrotate.example' logrotate script. This may not | |
100 as reliable method as below, however, but it is somewhat easier and | |
101 much more maintainable. | |
102 | |
103 $ cp logrotate.example /etc/logrotate.d/maltfilter | |
104 $ chmod 644 /etc/logrotate.d/maltfilter | |
105 $ chown root:root /etc/logrotate.d/maltfilter | |
106 | |
107 b) Alternatively you can edit /etc/logrotate.conf or relevant file(s) | |
108 under /etc/logrotate.d/ and add reloading or restarting maltfilter | |
109 in the script's postrotate section. | |
110 | |
111 For example, if you are using Debian with rsyslog, there should be | |
112 /etc/logrotate.d/rsyslog, which takes care of rotating most system | |
113 logs, such as auth.log. Add following line in postrotate section: | |
114 | |
115 invoke-rc.d maltfilter reload > /dev/null | |
86 | 116 |
87 | 117 |
88 Configuration and usage | 118 Configuration and usage |
89 ======================= | 119 ======================= |
90 See example.conf for documentation about settings. Start maltfilter | 120 See example.conf for documentation about settings. After editing your |
91 either via the init script or through commandline: | 121 configuration, you should do a preliminary test run via report mode to |
122 see if most settings are sane. | |
123 | |
124 $ maltfilter -f /etc/maltfilter.conf | |
125 | |
126 After that, you can start maltfilter either via the init script | |
127 (recommended) or through commandline: | |
92 | 128 |
93 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf | 129 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf |
94 | 130 |
95 If you want to use the init script, you need to edit your init runlevel | 131 If you want to use the init script, you need to edit your init runlevel |
96 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) | 132 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) |
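Review bot: In step 4a (new lines 99-101) the sentence "This may not as reliable method as below, however, but it is somewhat easier" is missing its verb, stacks "however" on "but", and never says why the logrotate.example route is less reliable, so a reader cannot choose between a) and b). Suggest something like "This may not be as reliable as method b), but it is somewhat easier and much more maintainable", plus one clause on what can go wrong. Step 3 (new lines 86-88) now tells the reader to enable the init script with rcconf(8) or chkconfig(8), while the unchanged paragraph at new lines 131-132 still repeats the same instruction; one of the two can go. The old line 85 sentence about the example HTML CSS stylesheet is also dropped here and not re-added anywhere in the visible lines; if the stylesheet still ships, keep a mention of it.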
100 Reports | 136 Reports |
101 ======= | 137 ======= |
102 Automatic report generation can be enabled from configuration. | 138 Automatic report generation can be enabled from configuration. |
103 You can also run "full" report generation via the "-f" option, in this | 139 You can also run "full" report generation via the "-f" option, in this |
104 special mode, no automatic weeding is performed, resulting in | 140 special mode, no automatic weeding is performed, resulting in |
105 more data being shown. | 141 more data being shown. In report mode Maltfilter will only parse files |
142 once, generate reports (if enabled) and quit. | |
106 | 143 |
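Review bot: The added sentence at new lines 141-142 introduces the name "report mode" for what the preceding lines call "full" report generation and "special mode"; pick one term and tie it to the "-f" option explicitly, since the new Configuration text at new lines 120-124 refers to "report mode" as well. The "(if enabled)" also leaves open what a "-f" run produces when report generation is not enabled in the configuration; state that here, because the README now recommends a "-f" run as the preliminary test.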