Reducing event log reporting from the service #44

Closed
snblackout opened this issue Jan 26, 2021 · 4 comments · Fixed by #43
Labels
enhancement thats a planned enhancement

Comments

@snblackout

@devnulli thanks again for your prompt replies and improvements.

On one of my servers I checked to see how many event logs were being created in 1 hour and it's about 3600, which is kind of a lot so if other applications on the server have issues, the service is pushing them down and out of view quickly.

I propose a better way for reporting. Potentially a button on the console that you can create an HTML report of the data the server has of IPs and saves it to a particular folder to open in a browser to look through.

Thoughts?


@devnulli
Owner

Hi,
Just to make sure. 😅
What's in those entries? Is it "found xxx", "banned xxx" (Info level)? Or is it "checkin log" ... "nothing found.." (Verbose level)?

If it's Info level, you really need different ways of reporting, and we should think of something.

If it's Verbose level, you can turn the log level up in the config.

@snblackout
Author

Most of them are below. I have seen a couple "banned XXX" but I would have to say the vast majority are below.

BlockRDPBrutersByRdpCore131: found 193.93.62.73, trigger count is 3

I did notice going through, some have a very high trigger count. Looking at the console, that IP is not in the temp or perma banned. Interesting.

BlockRDPBrutersBySecurity4625: found 186.96.174.85, trigger count is 376

@devnulli
Owner

devnulli commented Jan 27, 2021

Hi, I think it would be good to bring the Found ... messages from Log Level Info to Log Level Verbose. That way, they would not normally get logged into the Windows log, unless you crank the log level down to Verbose. What remains is the entries when EvlWatcher is banning or lifting a ban.

Do you think that would be sufficient?

@devnulli devnulli added the enhancement thats a planned enhancement label Jan 27, 2021
@snblackout
Author

That could work. Would the event logs that are created for banning or lifting ban be for temp and perma? Since I will be watching for that high trigger count, I kinda have to keep it as is for now though.
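One way to keep an eye on high trigger counts without reading thousands of entries, as an added example that is not part of this issue or of EvlWatcher's code: it collapses the "found ..." messages quoted above to the peak trigger count per task and IP. It assumes the message text has been exported one entry per line; the function names and the threshold of 100 are hypothetical.

```python
import re
from collections import defaultdict

# Message format taken from the two entries quoted in this thread:
#   "<TaskName>: found <IPv4>, trigger count is <N>"
FOUND_RE = re.compile(
    r"^(?P<task>\w+): found (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), "
    r"trigger count is (?P<count>\d+)$"
)

def summarize(lines):
    """Collapse repeated 'found' messages to the peak count per (task, ip)."""
    peaks = defaultdict(int)
    skipped = 0
    for line in lines:
        m = FOUND_RE.match(line.strip())
        if not m:
            skipped += 1  # anything that is not a 'found' message
            continue
        key = (m["task"], m["ip"])
        peaks[key] = max(peaks[key], int(m["count"]))
    return dict(peaks), skipped

def high_counts(peaks, threshold):
    """Entries whose peak count is at or above threshold, highest first."""
    hits = [(task, ip, n) for (task, ip), n in peaks.items() if n >= threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Constructed sample: the first and third lines are quoted in the thread,
# the others are made up for illustration.
SAMPLE = [
    "BlockRDPBrutersByRdpCore131: found 193.93.62.73, trigger count is 3",
    "BlockRDPBrutersBySecurity4625: found 186.96.174.85, trigger count is 375",
    "BlockRDPBrutersBySecurity4625: found 186.96.174.85, trigger count is 376",
    "BlockRDPBrutersByRdpCore131: found 203.0.113.10, trigger count is 1",
    "unrelated entry (constructed)",
]

if __name__ == "__main__":
    peaks, skipped = summarize(SAMPLE)
    print(f"{len(peaks)} distinct task/IP pairs, {skipped} other lines")
    for task, ip, n in high_counts(peaks, threshold=100):  # hypothetical threshold
        print(f"{ip:<16} {n:>6}  {task}")
```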

@devnulli devnulli linked a pull request Jan 28, 2021 that will close this issue
@devnulli devnulli added the staging is finished and will be included in the next release label Jan 28, 2021
devnulli added a commit that referenced this issue Jun 3, 2021
* turning up version numbers

* fixing a small issue in the license

* classify messages about found ips as verbose #44

* a small readability thing

* added_start_menu #42

* some beauty fixes for the console (icon..) (#51)

* removed dead code

* set icon for the app

* ability to remove temp bans (#47)

* service gets ability to remove temp bans

* forgetting IPS needs to ignore re-supplied events

* console feature to remove temporary bans

* tested and tweaked the server feature to remove temp ban #45

* fixed a bug with forgetting ips

fixed a bug where a task will not forget an ip it has already forgotten earlier

* replaced "middle finger" with safe for work image (#62)

* releasing 2.1.2
@devnulli devnulli removed the staging is finished and will be included in the next release label Sep 6, 2021