Date (YEAR) in /var/log/mail.log

Michelle Konzack
Hello,

I am currently running an analyzer over the /var/log/mail.log* files from the
last 12 years ;-) and now I have run into trouble, because the prefixed date
has no YEAR stamp.

Is there a possibility to change this?

I was grepping all configs, but found nothing.

Any suggestions?

Note:   It seems, this year is the year of Dictionary attacks!
        2006     16751
        2007     33190
        2008     91753
        2009    111654
        2010    216972
        2011    360219
        2012    498317
        2013    159974
        2014    137438
        2015     89118
        2016     56713
        2017    753816 in only 17 days or if you want 2296800 secs
                       --> a dictionary attempt every 3.047 seconds

        I really would like to know which login/password they try...

        However, over the last 12 years there was NEVER a single
        account compromised.  Maybe I am BOFH, but forcing users to
        better passwords is unfortunately necessary, since I do not want
        to bother (have no time for it) with compromised accounts.

Thanks
Michelle

--
Michelle Konzack        ITSystems
GNU/Linux Developer     0033-6-61925193

_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: Date (YEAR) in /var/log/mail.log

Sam Varshavchik
Michelle Konzack writes:

> Hello,
>
> I am currently running an analyzer over the /var/log/mail.log* files from the
> last 12 years ;-) and now I have run into trouble, because the prefixed date
> has no YEAR stamp.
>
> Is there a possibility to change this?

That's something that's syslog's territory. syslog generates the timestamps  
in /var/log files.

> I was grepping all configs, but found nothing.
>
> Any suggestions?

http://stackoverflow.com/questions/5065592/adding-year-in-the-syslog-message-linux

>         I really would like to know which login/password they try...
>
>         However, over the last 12 years there was NEVER a single
>         account compromised.  Maybe I am BOFH, but forcing users to
>         better passwords is unfortunately necessary, since I do not want
>         to bother (have no time for it) with compromised accounts.

Courier is quite resilient to dictionary attacks. The combination of a  
default max limit of four connections from the same IP address, and  
aggressive tarpitting quickly kills most dictionary attacks before they go  
very far.



Re: Date (YEAR) in /var/log/mail.log

Michelle Konzack
On 2017-01-27 08:34:01 Sam Varshavchik hacked into the keyboard:
> That's something that's syslog's territory. syslog generates the
> timestamps in /var/log files.
>
> >I was grepping all configs, but found nothing.
> >
> >Any suggestions?
>
> http://stackoverflow.com/questions/5065592/adding-year-in-the-syslog-message-linux

F..k! -- I am hit by the strftime() problem!

The Debian rsyslogd does not support it!

> Courier is quite resilient to dictionary attacks. The combination of
> a default max limit of four connections from the same IP address,
> and aggressive tarpitting quickly kills most dictionary attacks
> before they go very far.

I will look into it

--
Michelle Konzack        ITSystems
GNU/Linux Developer     0033-6-61925193
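
Added example, not part of the original thread and not Courier or rsyslog code: for logs already written without a year, the year can be reconstructed by reading lines oldest first and advancing it whenever the month jumps from late in the year back to early, which also lets failed logins be counted per year as in the table above. The function names, the `LOGIN FAILED` marker, the starting year and the sample lines are assumptions constructed for illustration, and the method assumes no gap of many months in the logs.

```python
import re
from collections import Counter
from datetime import datetime

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Traditional syslog prefix: "Jan  7 03:14:15 host ..." (no year field).
STAMP = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) ")

def with_years(lines, start_year):
    """Yield (datetime, line); lines must be oldest first, start_year is the
    year of the first line (assumed known, e.g. from the oldest rotated file)."""
    year, prev_month = start_year, None
    for line in lines:
        m = STAMP.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # continuation or non-syslog line
        month = MONTHS[m.group(1)]
        if prev_month is not None and prev_month - month > 6:
            year += 1  # e.g. Dec -> Jan: the year rolled over
        if prev_month == 1 and month == 12:
            line_year = year - 1  # late-written December line after Jan 1
        else:
            line_year, prev_month = year, month
        day, hh, mm, ss = (int(g) for g in m.groups()[1:])
        # ValueError here (e.g. Feb 29 in a non-leap year) means start_year is wrong.
        yield datetime(line_year, month, day, hh, mm, ss), line

def failures_per_year(lines, start_year, marker="LOGIN FAILED"):
    """Count lines containing marker (assumed failed-login text) per year."""
    counts = Counter()
    for stamp, line in with_years(lines, start_year):
        if marker in line:
            counts[stamp.year] += 1
    return dict(counts)

# Constructed sample lines (not from the thread); addresses are RFC 5737 ranges.
SAMPLE = [
    "Dec 31 23:59:58 mx imapd: LOGIN FAILED, user=info, ip=[192.0.2.10]",
    "Jan  1 00:00:01 mx imapd: LOGIN FAILED, user=test, ip=[192.0.2.10]",
    "Dec 31 23:59:59 mx pop3d: LOGIN FAILED, user=admin, ip=[198.51.100.7]",
    "Jan  1 00:00:02 mx imapd: LOGIN, user=alice, ip=[203.0.113.5]",
    "Nov  3 12:00:00 mx imapd: LOGIN FAILED, user=root, ip=[192.0.2.10]",
    "Feb 29 08:00:00 mx imapd: LOGIN FAILED, user=web, ip=[198.51.100.7]",
]

if __name__ == "__main__":
    print(failures_per_year(SAMPLE, 2014))
```

The leap-day line doubles as a sanity check: with a wrong starting year it lands in a non-leap year and the parse fails instead of silently miscounting.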
