File and log watching

Integrated and easy-to-use file system and log watching

Watching the content of server logs as they grow, to find signs of errors or security exposure, is key to detecting and solving problems quickly. Along with this, Core-Admin also provides a file system watching solution, which lets you track which files have changed and optionally match those changes against known disallowed sequences to detect common security threats.

Real time log watching to improve server availability

Core-Admin provides an integrated solution to track your server logs as they progress: as the log grows, the Core-Admin log watcher consumes it and checks its content, giving you fresh information just when it happens.

Log growth speed watcher

Watching and reporting unusual log growth speed is a feature that helps you know whether your server is calm and providing service at a normal rate.

A wrongly configured option or even an unknown problem may cause your system to speed up its log production rate, causing a severe performance penalty and possibly hard disk space exhaustion too.

Tracking known expressions

Server logs produce many common expressions that are signs of specific problems that are easy to solve. But you need to know about them when they happen.

The Core-Admin log watcher lets you know about those common errors as they are detected, producing Core-Admin notifications so you can manage the issue.

Running commands on match

Have you ever wanted a solution to run commands (to process a certain element) when an expression is detected inside a log? The Core-Admin log watcher has it ready to use.

This useful feature can be used for many purposes, from processing new customer entries to blocking an IP address because of detected security threats.

Some of the expressions that are watched in server logs

Elements looked up: Description
Kernel hangs: Search for evidence of kernel hangs ("stack traces") so that a scheduled reboot can be planned in advance to replace the failing component.
Command not found: Search for evidence of "command not found" so that configuration problems or security threats can be detected.
Corrupt databases: Search for evidence of corrupt, failing or pending-repair databases (MySQL, SQLite, PostgreSQL).
Reboots and poweroffs: Search for evidence of reboots and/or poweroffs to check whether they are expected.
Failures at mail components: Search for evidence that some mail component is failing.
Database connection failures: Search for evidence of failures in database connections that should work.
Unallowed mail account accesses: Search for evidence of mail account accesses.
Detect and block login failures for common services (pop3, smtp, imap, ftp, ssh, sip…): Search for evidence of login failures and block IPs when they are detected (and found not to be expected).
Detect and register ssh accesses: Search for evidence of ssh accesses received on any server.

File system changes under control

The Core-Admin log watcher provides a powerful and integrated file system watching solution. It helps you know, to the minute, the changes produced in the file system on any of your servers. This integrated solution also provides useful features like content expression matching and detailed change reporting.

Track file system changes

Knowing which files are updated, removed or created on your servers is key to detecting common errors and to improving server security by acting quickly as the modification happens.

Thanks to this, it is possible to have a clear map of the modification state of your whole server farm, to the minute.

Watching expressions

As file modifications happen, the Core-Admin log watcher can search for common expressions to detect disallowed sequences or security threats.

This is a powerful feature, and it is used by the Core-Admin Web Edition to detect common hacks introduced in web hosting pages. Administrators using Core-Admin now easily know when an end user's web page has been hacked, just when it happens, so they can quickly solve it.

Detailed change reporting

Along with the normal change reporting, the system can easily be configured to track and report not only that something changed but also what changed.

This feature helps you track, for example, changes to the /etc/passwd file as they happen and what was introduced in each change, giving you more power to provide the right solution.