Jan 15 2006
RRDTool is Our Friend…
I’ve been a fan of admin statistical graphing tools such as MRTG and Smokeping for quite a while. Last June, when I decided to get Icarus, I also discovered RRDTool-based graphing tools Mailgraph (which graphs stats from Postfix/Sendmail logs), Bindgraph (which graphs BIND9 query statistics) and even Queuegraph (which graphs Postfix’s various queues).
I find these graphs invaluable for keeping an eye on my server. With their help, I know the rough number of emails sent and received and the daily trend patterns on each of my servers on a daily basis. I know the rough load on each of my DNS servers, which also doubles as an indicator for brute force SSH attacks (when there’s a sharp, consistent spike of A and PTR records, it’s always a brute force attack!). So far, I’m still playing with Queuegraph, mainly because it’s not packaged for Debian yet (although there is an ITP to package it, except I’m the one who lodged the ITP…). I see I’m not the only one who’s a fan of graph based adminning; there’s a recent(ish) article on OnLamp about the advantages of Mailgraph.
One tool I have yet to find is something to graph the contents of auth.log, so I can see at a glance when there’s a brute force attack, and whether it’s occurring over SSH, IMAP, SASL or even a misguided owner of a shell account doing something with /bin/su which is looking a little suspicious. Unfortunately, I haven’t seen anything like that yet. In fact, I could very well end up writing such a script, after June, when I’m done with the whole study lark…
Speaking of scripts, I’ve found good uses for 2 scripts written by phaxx in recent times. His mailchk script is very nice for Maildir loving, shell prompt using people such as myself. His other script (which isn’t publicly available, yet) that I’ve been messing around with, is a Python script recognised by all RedBrick users. It reports a user’s disk usage quota in coloured ASCII Art. It required a few tweaks and some consultation from phaxx himself, but it did eventually port over to my LVM setup on Icarus nicely…
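A sketch of the auth.log counter described above, as an added example that is not the author's script: it buckets failed logins per service into five-minute intervals, the shape an RRDTool data source would be fed. The log-line patterns, the hostname and the sample lines are assumptions constructed for illustration; adjust the patterns to what your own daemons write.

```python
import re
from collections import Counter
from datetime import datetime

STEP_MIN = 5  # bucket width in minutes (assumption: a 300 s RRD step)

# Assumed failure signatures per service; adjust to what your daemons log.
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for "),
    "imap": re.compile(r"imapd: LOGIN FAILED|dovecot: imap-login: .*auth failed"),
    "sasl": re.compile(r"saslauthd\[\d+\]: .*auth failure"),
    "su": re.compile(r"su\[\d+\]: FAILED su for "),
}
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (.*)$")

def bucket_failures(lines, year=2006):
    """Count failed logins per (bucket start, service)."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed or continuation line
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        start = ts.replace(minute=ts.minute - ts.minute % STEP_MIN, second=0)
        for service, pattern in PATTERNS.items():
            if pattern.match(m.group(2)):
                counts[(start, service)] += 1
                break
    return counts

def spikes(counts, threshold):
    """Return (bucket, service, count) rows at or above threshold, oldest first."""
    return sorted((b, s, n) for (b, s), n in counts.items() if n >= threshold)

SAMPLE = [  # constructed auth.log lines, not real data
    *(f"Jan 15 03:1{i}:07 icarus sshd[4100]: Failed password for invalid user test "
      f"from 192.0.2.10 port 40{i}22 ssh2" for i in range(5)),
    "Jan 15 03:14:30 icarus sshd[4100]: Accepted password for alice from 192.0.2.20 port 5100 ssh2",
    "Jan 15 03:16:02 icarus imapd: LOGIN FAILED, user=bob, ip=[192.0.2.30]",
    "Jan 15 03:17:45 icarus saslauthd[900]: do_auth         : auth failure: [user=bob] [service=smtp]",
    "Jan 15 03:21:09 icarus su[4200]: FAILED su for root by carol",
]

if __name__ == "__main__":
    for (bucket, service), n in sorted(bucket_failures(SAMPLE).items()):
        print(f"{bucket:%b %d %H:%M} {service:<4} {'#' * n} {n}")
```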
Anyway, back to more proactive activities I go…