* David C. Rankin <drankinatty@suddenlinkmail.com> [Nov 27. 2008 08:30]:
16:36 nirvana~/linux/boxes/bonza/log> wc -l < 20081121.log 5353
After the change:
16:37 nirvana~/linux/boxes/bonza/log> wc -l < 20081125.log 294
Less than 300 entries in the logs in _total_ for an entire 24 hour period. If you have similar issues, and your real user needs can be accommodated on a high port, I highly recommend it.
Another approach is one I use after I found it on the DragonFlyBSD list. Have an entry to send everything from the auth log into a seperate program scanning for invalid user logins. If one such is found--blacklist it. After a while it stops and you don't have to inform all users about port number change. -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogical, with just a little bit more effort?" -- A. P. J. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org