Mercurial > hg > maltfilter
comparison README @ 104:f24388499e66
Update documentation.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Mon, 07 Sep 2009 01:49:05 +0300 |
| parents | 075b2b626d17 |
| children | 5786194984c5 |
comparison
equal
deleted
inserted
replaced
| 103:df68cf1eaf39 | 104:f24388499e66 |
|---|---|
| 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> | 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> |
| 4 (C) Copyright 2009 Tecnic Software productions (TNSP) | 4 (C) Copyright 2009 Tecnic Software productions (TNSP) |
| 5 | 5 |
| 6 Distributed under the modified ("3-clause") BSD license. Please see | 6 Distributed under the modified ("3-clause") BSD license. Please see |
| 7 included file COPYING for more information. | 7 included file COPYING for more information. |
| 8 | |
| 9 | |
| 10 Homepage: http://www.tnsp.org/maltfilter.php | |
| 11 | |
| 8 | 12 |
| 9 About | 13 About |
| 10 ===== | 14 ===== |
| 11 Maltfilter is daemon script written in Perl, which continuously scans various | 15 Maltfilter is daemon script written in Perl, which continuously scans various |
| 12 system logfiles including auth.log, Apache style common logformat and error | 16 system logfiles including auth.log, Apache style common logformat and error |
| 52 It is also helpful to change the FILTER_MAX_AGE and GLOBAL_MAX_AGE | 56 It is also helpful to change the FILTER_MAX_AGE and GLOBAL_MAX_AGE |
| 53 configuration settings to smaller values, so that amount of data held | 57 configuration settings to smaller values, so that amount of data held |
| 54 in memory at once is smaller. | 58 in memory at once is smaller. |
| 55 | 59 |
| 56 | 60 |
| 57 Installation | 61 Manual installation |
| 58 ============ | 62 =================== |
| 59 Copy maltfilter script to /usr/sbin and set permissions | 63 1) Copy maltfilter script to /usr/sbin and set permissions |
| 60 | 64 |
| 61 $ cp maltfilter /usr/sbin/maltfilter | 65 $ cp maltfilter /usr/sbin/maltfilter |
| 62 $ chmod 755 /usr/sbin/maltfilter | 66 $ chmod 755 /usr/sbin/maltfilter |
| 63 $ chown root:root /usr/sbin/maltfilter | 67 $ chown root:root /usr/sbin/maltfilter |
| 64 | 68 |
| 65 Copy example configuration under /etc (you may not want to | 69 2) Copy example configuration under /etc (you may not want to have the |
| 66 to have the configuration readable to regular users, so below | 70 configuration readable to regular users, so below example sets mode |
| 67 example sets mode 600 to it.) | 71 0600 to it.) |
| 68 | 72 |
| 69 $ cp example.conf /etc/maltfilter.conf | 73 $ cp example.conf /etc/maltfilter.conf |
| 70 $ chmod 600 /etc/maltfilter.conf | 74 $ chmod 600 /etc/maltfilter.conf |
| 71 $ chown root:root /etc/maltfilter.conf | 75 $ chown root:root /etc/maltfilter.conf |
| 72 | 76 |
| 77 3) Additionally you can set up the provided Debian style init script | |
| 78 for starting Maltfilter at boot. You may need to edit the script, | |
| 79 if you didn't install the configuration and maltfilter script to | |
| 80 paths described above. | |
| 73 | 81 |
| 74 Optional | 82 $ cp example.init /etc/init.d/maltfilter |
| 75 ======== | 83 $ chmod 755 /etc/init.d/maltfilter |
| 76 Additionally you can set up the provided Debian style init script: | 84 $ chown root:root /etc/init.d/maltfilter |
| 77 | 85 |
| 78 $ cp example.init /etc/init.d/maltfilter | 86 After that you should run rcconf(8) or chkconfig(8) or similar SysV |
| 79 $ chmod 755 /etc/init.d/maltfilter | 87 runlevel configuration utility to enable the script on desired |
| 80 $ chown root:root /etc/init.d/maltfilter | 88 runlevels. |
| 81 | 89 |
| 82 You need to edit the script, if you didn't install the configuration | 90 4) You will also most likely want to set up Maltfilter to be SIGHUP'd/ |
| 83 and maltfilter to paths described in installation section. | 91 restarted when logfiles are rotated via logrotate (because Maltfilter |
| 92 does not automatically notice if logfiles are switched while it is | |
| 93 running). | |
| 84 | 94 |
| 85 Also a simple example HTML CSS stylesheet is provided for your convenience. | 95 There are several ways this can be done, most of which are distribution |
| 96 specific. If you are using Debian-based distribution or something close | |
| 97 enough, you can try following: | |
| 98 | |
| 99 a) Use the included 'logrotate.example' logrotate script. This may not | |
| 100 as reliable method as below, however, but it is somewhat easier and | |
| 101 much more maintainable. | |
| 102 | |
| 103 $ cp logrotate.example /etc/logrotate.d/maltfilter | |
| 104 $ chmod 644 /etc/logrotate.d/maltfilter | |
| 105 $ chown root:root /etc/logrotate.d/maltfilter | |
| 106 | |
| 107 b) Alternatively you can edit /etc/logrotate.conf or relevant file(s) | |
| 108 under /etc/logrotate.d/ and add reloading or restarting maltfilter | |
| 109 in the script's postrotate section. | |
| 110 | |
| 111 For example, if you are using Debian with rsyslog, there should be | |
| 112 /etc/logrotate.d/rsyslog, which takes care of rotating most system | |
| 113 logs, such as auth.log. Add following line in postrotate section: | |
| 114 | |
| 115 invoke-rc.d maltfilter reload > /dev/null | |
| 86 | 116 |
| 87 | 117 |
| 88 Configuration and usage | 118 Configuration and usage |
| 89 ======================= | 119 ======================= |
| 90 See example.conf for documentation about settings. Start maltfilter | 120 See example.conf for documentation about settings. After editing your |
| 91 either via the init script or through commandline: | 121 configuration, you should do a preliminary test run via report mode to |
| 122 see if most settings are sane. | |
| 123 | |
| 124 $ maltfilter -f /etc/maltfilter.conf | |
| 125 | |
| 126 After that, you can start maltfilter either via the init script | |
| 127 (recommended) or through commandline: | |
| 92 | 128 |
| 93 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf | 129 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf |
| 94 | 130 |
| 95 If you want to use the init script, you need to edit your init runlevel | 131 If you want to use the init script, you need to edit your init runlevel |
| 96 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) | 132 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) |
| 100 Reports | 136 Reports |
| 101 ======= | 137 ======= |
| 102 Automatic report generation can be enabled from configuration. | 138 Automatic report generation can be enabled from configuration. |
| 103 You can also run "full" report generation via the "-f" option, in this | 139 You can also run "full" report generation via the "-f" option, in this |
| 104 special mode, no automatic weeding is performed, resulting in | 140 special mode, no automatic weeding is performed, resulting in |
| 105 more data being shown. | 141 more data being shown. In report mode Maltfilter will only parse files |
| 142 once, generate reports (if enabled) and quit. | |
| 106 | 143 |