Integrated and easy to use file system and log watching
Watching the content of servers logs as they progress to find signs of errors or security exposure it is key to quickly detect and solve problems. Along with this, Core-Admin also provides a file system watching solution, which allows you to track which files have changed and optionally match those changes with known unallowed sequences to detect common security threats.
Real time log watching to improve server availability
Core-Admin provides an integrated solution to track your server logs as they progress, that is, as the log grows, Core-Admin log watcher consumes it and checks that content, giving you fresh information just when it happens.
Log growth speed watcher
Watching and reporting unusual log growth speed is a feature that will help you to know if your server is calm and providing service at a normal rate.
A wrongly configured option or even an unknown problem may cause your system to speed up the log production rate causing a severe performance penalty to your system which may cause hard disk space exhaustion too.
Tracking known expressions
Server logs produce many common expressions that are signs of specific problems that are easy to solve. But you need to know them when they happen.
Core-Admin Log watcher will let you know those common errors as they are detected, producing Core-Admin notifications to let you manage the issue.
Running commands on match
Didn’t you ever want to have a solution to run commands (to process certain element) when an expression is detected inside a log? Core-Admin log watcher has it ready to use.
This useful feature can be used for many purposes, from processing new customer entries or blocking some IP due to security threats detected.
Some of the expressions that are watched in server logs
| Elements looked up | Description |
|---|---|
| Kernel hangs | Search for evidences about kernel hangs (“stack traces”) so it can be anticipated a programmed reboot to proceed to replace component in failure |
| Command not found | Search for evidences about “command not found” so it can detected configuration problems or security threats |
| Corrupt databases | Search for evidences about corrupt, failing or pending to repair databases (MySQL, SQLite, PostgreSQL) |
| Reboots and poweroffs | Search for evidences about reboots and/or poweroffs to check if they are expected. |
| Failures at mail components | Search for evidences about some mail component is failing |
| Database connection failures | Search for evidences about database connection failures that should work |
| Unallowed mail account accesses | Search for evidences about mail accounts accesses |
| Detect and block login failures for common services (pop3, smtp, imap, ftp, ssh, sip…) | Search for evidences and block ips when it is detected login failures (and it is found they are not expected) |
| Detect and register ssh accesses | Search for evidences about ssh accesses received on any server |
File system changes under control
Core-Admin log watcher provides a powerful and an integrated file system watching solution. It will help you to know to the minute changes produced in the file system at any of your servers. This integrated solution also provides useful features like content expression matching or detailed change reporting.
Track file system changes
Knowing what files are updated, removed or created in your servers is key to detect common errors and to improve server security by acting quickly as the modification happens.
Thanks to this, it is possible to have a clear map about the modification state of all your server farm to the minute.
Watching expressions
As file modifications happens, Core-Admin log watcher provides support to search common expressions to detect unallowed sequences or security threats.
This is a powerful feature and it is being used by the Core-Admin Web Edition to detect common hacks introduced in webhosting pages. Now, administrators using Core-Admin easily know when a end user’s web page got hacked just when it happens in order to quickly solve it.
Detailed change reporting
Along with the normal change reporting, it is possible to easily configure the system to track and report not only that something changed but what changed.
This feature will help you to track, for example, changes into /etc/passwd file as they happen and what was introduced on each change, giving you more power to provide the right solution.