|
|
|
|
|
|
by logifail
53 days ago
|
|
|
> By reducing the noise in logs, it reduces the workload on the human or agent reviewing the logs. Q: Why would you "review the logs" by (human/agent) hand for a service exposed to the Internet? What are you actually looking for? [I say this as someone who has tens of thousands of failed auth attempts against services I expose to the Internet. Per day.] |
|
|
If I were you I would do that immediately. Then, once your logs become actually useful again, look at them.
"Hmmm. There sure seem to be a lot of failed login attempts for bobsmith@server. Maybe I should call him up and see if there's something going on."