In my last posts I’ve shown a central syslog which feeds fail2ban, suricata as an intrusion prevention system (IPS) and here is the final piece which feeds suricata with the results of fail2ban by creating a .rules file for suricata-update.
Continue reading Create a suricata rules file using fail2banTag: fail2ban
Setup a central logging instance (and use it to block traffic using fail2ban)
A very light-weight approach for storing logs centralized is by just using rsyslog. My virtual machines all use rsyslog. That rsyslog sends it’s logs to another internal virtual machine which runs rsyslog as well. A fail2ban instance is checking all these logs and sending a block command to the firewalls. Here is how.
Continue reading Setup a central logging instance (and use it to block traffic using fail2ban)