The log of apache 2.4.20_1 in FreeBSD is much more complex than the decoder
expects; the standard config can't understand it.
I added this instruction to the prematch of the apache-errorlog decoder, and now the
decoder can understand the log:
*^[\w+ \w+ \d+ \d+:\d+:\d+.\d+ \d+] [:error] [pid \d+] [client
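An added example, not part of the thread: it checks the prematch fragment posted above against constructed Apache error-log lines to show which formats it covers. The os_regex-to-Python translation is a simplified assumption, and the helper names and sample lines are constructed for illustration.

```python
import re

# Simplified os_regex -> Python mapping (assumption: only the tokens used in
# the posted fragment; this is not the full OSSEC os_regex syntax).
OS_CLASSES = {"w": "[A-Za-z0-9@_-]", "d": "[0-9]", "s": " ", "S": "[^ ]", ".": "."}

def os_regex_to_python(pattern):
    """Translate an os_regex pattern into an equivalent Python regex string."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            out.append(OS_CLASSES.get(nxt, re.escape(nxt)))
            i += 2
            continue
        # Anchors, alternation and modifiers keep their meaning; everything
        # else ('[', ']', '.', ':') is a literal character in os_regex.
        out.append(ch if ch in "^$|+*" else re.escape(ch))
        i += 1
    return "".join(out)

def prematch(pattern, line):
    """Return True when the translated prematch matches the log line."""
    return re.search(os_regex_to_python(pattern), line) is not None

# Fragment as posted in the thread (truncated there after "[client"; the
# leading "*" is taken to be emphasis markup and dropped, an assumption).
POSTED = r"^[\w+ \w+ \d+ \d+:\d+:\d+.\d+ \d+] [:error] [pid \d+] [client"

# Constructed sample lines (not taken from the thread).
SAMPLES = {
    "2.4 prefork, empty module": "[Thu May 19 09:25:01.123456 2016] [:error] [pid 1234] "
        "[client 192.0.2.10:51234] File does not exist: /usr/local/www/x",
    "2.4 with module and tid": "[Thu May 19 09:25:01.123456 2016] [core:error] "
        "[pid 1234:tid 5678] [client 192.0.2.10:51234] File does not exist: /usr/local/www/x",
    "2.2 style": "[Thu May 19 09:25:01 2016] [error] [client 192.0.2.10] "
        "File does not exist: /usr/local/www/x",
}

def coverage():
    """Map each sample label to whether the posted prematch matches it."""
    return {label: prematch(POSTED, line) for label, line in SAMPLES.items()}

if __name__ == "__main__":
    for label, hit in coverage().items():
        print(f"{'MATCH' if hit else 'miss '}  {label}")
```

The fragment matches only lines with an empty module name and a bare pid; lines carrying `[core:error]` or `[pid N:tid M]` would need further alternatives in the prematch to be decoded.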
On Thu, May 19, 2016 at 9:25 AM, Patrick wrote:
> Thanks so much Dan.
>
> The error was simple, but I couldn't see it. Thanks so much.
>
> I edited the decoder and now the action works.
>
What changes did you make to the decoder? They might be able to be put
into the
Thanks so much Dan.
The error was simple, but I couldn't see it. Thanks so much.
I edited the decoder and now the action works.
On Wednesday, May 18, 2016 at 15:49:12 UTC-3, dan (ddpbsd) wrote:
>
> On Wed, May 18, 2016 at 2:33 PM, Patrick Müller
> wrote:
> >
On Wed, May 18, 2016 at 2:33 PM, Patrick Müller
wrote:
> Hi guys.
>
> My configuration is FreeBSD-10.2 with ossec-hids-local-2.8.3 installed via
> ports.
>
> I have this custom configuration for an active response which blocks web
> attacks.
>
> ipfw-www
>
Hi guys.
My configuration is FreeBSD-10.2 with ossec-hids-local-2.8.3 installed via
ports.
I have this custom configuration for an active response which blocks web
attacks.
ipfw-www
local
43200
*30202,31151*
*This is my test with logtest*
**Phase 1: Completed