I’ve been working on the logging setup I talked about in my last post, and I’m gathering more and more data from my servers. This is quite interesting because I can see what kind of activity is going on in my network here. It is quite surprising to see how much traffic is being blocked at the firewall versus what actually gets through and is processed.
IPv4 traffic versus IPv6 is also interesting. On IPv4, hack attempts and random port scans are numerous, but on IPv6 attacks are far more targeted and far fewer in number. It is also interesting to see that, of what gets through, a fair amount is still malicious traffic.
One of these traffic categories targets some WordPress websites I host here. They launch attacks against the XMLRPC component of WordPress or wp-login, attempting to gain access to the sites.
Other log files show data on how my applications are performing, allowing me to find error messages quickly and diagnose problems more easily. The amount of data to plow through is huge, but Graylog makes it a lot more manageable.
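As an added example (not code from the original post), here is a small Python check that does the kind of triage described above offline: it parses Apache-style access log lines and flags client IPs that repeatedly POST to xmlrpc.php or wp-login.php. The log lines, IP addresses and the threshold of three hits are constructed for the illustration.

```python
import re
from collections import Counter

# Apache/nginx combined log format; the client field may be IPv4 or IPv6.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# WordPress endpoints the post names as attack targets.
TARGETS = ("/xmlrpc.php", "/wp-login.php")

def parse_line(line):
    """Return (ip, method, path, status) or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["method"], m["path"].split("?", 1)[0], int(m["status"])

def flag_wp_attackers(lines, threshold=3):
    """Count POSTs to the login/XML-RPC endpoints per client IP and return
    {ip: {"hits": n, "paths": [...]}} for clients at or above the threshold."""
    hits = Counter()
    paths = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, path, _status = parsed
        if method == "POST" and path in TARGETS:
            hits[ip] += 1
            paths.setdefault(ip, set()).add(path)
    return {ip: {"hits": n, "paths": sorted(paths[ip])}
            for ip, n in hits.items() if n >= threshold}

# Constructed sample lines (not real traffic): an IPv4 client hammering
# xmlrpc.php, an IPv6 client trying wp-login.php, and one legitimate GET.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2016:10:01:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
2001:db8::42 - - [12/Mar/2016:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "python-requests/2.9"
2001:db8::42 - - [12/Mar/2016:10:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "python-requests/2.9"
2001:db8::42 - - [12/Mar/2016:10:02:12 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin HTTP/1.1" 200 3120 "-" "python-requests/2.9"
198.51.100.9 - - [12/Mar/2016:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, info in flag_wp_attackers(SAMPLE_LOG).items():
        print(f"{ip}: {info['hits']} POSTs to {', '.join(info['paths'])}")
```

The same aggregation (count of POSTs to these two paths, grouped by source address) is what a Graylog dashboard widget over the web server stream would show.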
All in all, if you’re looking for a good logging solution, this is certainly one to consider.