Linux Logs & Blacklists

I use 2 Linux servers for the mail and web servers at Techville.ca

The second server (Linux2) is off-site and mirrors the 60 days of backups of all mail, web and MySQL server data on Linux1.

These backups are then mirrored to a second hard drive in Linux2.

All of this is done as a scheduled job in the middle of the night.

Needless to say, I do not worry about tapes or off-site copies, as everything is automated and exists on 2 machines and 3 different hard drives.

Very low cost, and I just skim the backup.log periodically.

I am also mailed a file called “Logwatch”. Logwatch is one of the huge advantages of Linux, in that it is a simple text file (which I can e-mail to my device) that lists all kinds of information about my servers for the past 24 hours.

It tells me everything that happened with all services, such as the Apache web server, mail and firewall, and even hardware pre-failure warnings. I can skim these and catch mistakes or errors before they cause problems. It also mails me security information, such as attempts to do bad things like hacking into the mail server (spammers?). Here is an example from Logwatch:

<snip>

 --------------------- httpd Begin ------------------------

 Connection attempts using mod_proxy:
    208.80.72.253 -> http://lti-mail01.ltinetworks.com:25: 1 Time(s)
    67.52.255.126 -> http://lti-mail01.ltinetworks.com:25: 1 Time(s)

 ---------------------- httpd End -------------------------

<paste>

No one got in, but they certainly tried at least once. Do I care? Not really, as the entire domain is now entered into my firewall, which will no longer accept connections from them at all. They can’t even browse the web site.

This may not be a malicious attempt to hack us; these people may have a virus or malware on their PCs that is trying to connect in the background, and they may be completely unaware. It could also be a case of mistaken identity, I suppose :)
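An added example, not part of the original post: a short Python script that pulls the “Connection attempts using mod_proxy” entries out of a Logwatch mail laid out like the excerpt above and totals them per source address, so the hosts aiming at port 25 (the open-proxy relay probing suspected above) stand out. The sample report is constructed to match the excerpt's layout and uses documentation addresses rather than real hosts.

```python
import re
from collections import defaultdict

# Constructed sample of a Logwatch "httpd" section, laid out like the excerpt in the post.
# Addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOGWATCH = """\
 --------------------- httpd Begin ------------------------

 Connection attempts using mod_proxy:
    192.0.2.10 -> http://mail.example.net:25: 3 Time(s)
    198.51.100.7 -> http://mail.example.net:25: 1 Time(s)
    192.0.2.10 -> http://www.example.org:80: 2 Time(s)

 ---------------------- httpd End -------------------------
"""

# One entry: "<source> -> <scheme>://<host>:<port>: <n> Time(s)"
ENTRY_RE = re.compile(
    r"^\s*(\S+)\s+->\s+(?:\w+://)?([^:\s]+):(\d+):\s+(\d+)\s+Time\(s\)"
)

def parse_mod_proxy_attempts(report):
    """Return (source, target_host, target_port, count) tuples from the
    'Connection attempts using mod_proxy' block of a Logwatch report."""
    attempts = []
    in_block = False
    for line in report.splitlines():
        if "Connection attempts using mod_proxy" in line:
            in_block = True
            continue
        if in_block and "httpd End" in line:
            break
        if in_block:
            m = ENTRY_RE.match(line)
            if m:
                src, host, port, count = m.groups()
                attempts.append((src, host, int(port), int(count)))
    return attempts

def attempts_by_source(attempts, port=None):
    """Total attempts per source address, optionally only those aimed at one
    target port (25 singles out hosts looking for an open proxy to relay mail)."""
    totals = defaultdict(int)
    for src, _host, p, count in attempts:
        if port is None or p == port:
            totals[src] += count
    return dict(totals)
```

Comparing the per-port totals against the overall totals shows whether an address only ever probes port 25 or also sends ordinary web traffic, which is worth knowing before an address or a whole netblock goes into the firewall.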

to be continued ….

Posted on July 3rd, 2008 in Techville.ca_Blog

One Response

  1. dsmith Says:

    The Honeynet Project

    “The project takes servers and computers “out-of-the-box” — without any changes to improve or reduce their security — and connects them to the Internet for the sole purpose of seeing how often they are probed and hacked, and what techniques attackers are using.

    Based on the project’s tests, the average unprotected Windows computer with the most common security holes will be hacked within 20 minutes. Even secured computers…click to read more.”
