OpenCanary 2.0 in Oracle Cloud continues to flourish. The main reporting mechanism is a webhook into Loggly from SolarWinds and it gives an overview of the connection attempts to the Canary along with the ports, protocols, source and username/password combinations.
It may be that the virtual host in Oracle Cloud lacks a little “fizz”, but I’ve found that a cronjob under the OpenCanary user that simply restarts the OC every three days has made for some reliable reporting (without this, I had gaps in the webhook reporting while the log files were being written to).
The result is a projected volume of events which will be between 8.5 and 9 million per year.
Drilling into the logs further, it would appear that the volume of events with connections that log a username or password being used will be in the region of 4.6 million attempts per year.
Sadly, the free Loggly plan does not allow me to leverage dashboards, so the pie charts breaking down the events are no longer available; I cannot justify a hobby experiment costing $99 per month…!
My search for some open source software to assess the log files, or to webhook into, continues, as the picture over time will be an interesting (and challenging) one.
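An added example, not part of the original post: a local tally of the OpenCanary log file that produces the breakdowns described above (ports, sources, username/password pairs) and an annual projection without a hosted dashboard. It assumes OpenCanary's one-JSON-object-per-line log with the fields `dst_port`, `src_host`, `utc_time` and `logdata.USERNAME`/`PASSWORD`; the sample lines are constructed and trimmed to those fields.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in OpenCanary's one-JSON-object-per-line log format.
SAMPLE = r'''
{"dst_port": 22, "logtype": 4002, "src_host": "203.0.113.7", "utc_time": "2024-01-01 00:00:00.000000", "logdata": {"USERNAME": "root", "PASSWORD": "123456"}}
{"dst_port": -1, "logtype": 1001, "src_host": "", "utc_time": "2024-01-01 00:00:01.000000", "logdata": {"msg": "service started"}}
{"dst_port": 21, "logtype": 2000, "src_host": "198.51.100.9", "utc_time": "2024-01-01 06:00:00.000000", "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}}
{"dst_port": 22, "logtype": 4002, "src_host": "203.0.113.7", "utc_time": "2024-01-01 12:00:00.000000", "logdata": {"USERNAME": "root", "PASSWORD": "123456"}}
{"dst_port": 80, "logtype": 3000, "src_host": "198.51.100.9", "utc_time": "2024-01-02 00:00:00.000000", "logdata": {"PATH": "/index.html"}}
{"dst_port": 22, "logty
'''

def summarise(lines):
    """Tally connection events by port, source and credential pair."""
    ports, sources, creds, times = Counter(), Counter(), Counter(), []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line, or one cut short while still being written
        # Assumption: dst_port -1 marks the daemon's own messages, not a connection.
        if not isinstance(ev, dict) or ev.get("dst_port", -1) == -1:
            continue
        ports[ev["dst_port"]] += 1
        sources[ev.get("src_host", "")] += 1
        data = ev.get("logdata")
        if isinstance(data, dict) and ("USERNAME" in data or "PASSWORD" in data):
            creds[(str(data.get("USERNAME")), str(data.get("PASSWORD")))] += 1
        try:
            times.append(datetime.strptime(ev["utc_time"], "%Y-%m-%d %H:%M:%S.%f"))
        except (KeyError, ValueError, TypeError):
            pass  # event still counts, it just cannot anchor the time span
    total, span = sum(ports.values()), 0.0
    if len(times) > 1:
        span = (max(times) - min(times)).total_seconds()
    per_year = round(total / span * 365 * 86400) if span else None
    return {"total": total, "with_credentials": sum(creds.values()),
            "ports": ports, "sources": sources, "credentials": creds,
            "projected_per_year": per_year}

if __name__ == "__main__":
    report = summarise(SAMPLE.splitlines())
    print(report["total"], "events,", report["with_credentials"], "with credentials")
    print("projected per year:", report["projected_per_year"])
    for key in ("ports", "sources", "credentials"):
        print(key, report[key].most_common(5))
```

To run it against a real log, pass the open file object to `summarise()` instead of the sample; the counters are printed via `repr`, so control characters in logged usernames or passwords are escaped rather than sent to the terminal.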