| ▲ | logifail 7 hours ago | |
> By reducing the noise in logs, it reduces the workload on the human or agent reviewing the logs. Q: Why would you "review the logs" by (human/agent) hand for a service exposed to the Internet? What are you actually looking for? [I say this as someone who has tens of thousands of failed auth attempts against services I expose to the Internet. Per day.] | ||
| ▲ | i_think_so 5 hours ago | parent [-] | |
Sounds like you are the poster child for moving ssh to a different port. :-) If I were you I would do that immediately. Then, once your logs become actually useful again, look at them. "Hmmm. There sure seem to be a lot of failed login attempts for bobsmith@server. Maybe I should call him up and see if there's something going on." | ||