CSF and Log entries for an Apache version 4
I try to fix entries CSF and Log entries for an Apache version 2.4:
CUSTOM1_LOG = "/etc/apache2/logs/domlogs/*/*"
Is it the correct CUSTOM1_LOG = "/etc/apache2/logs/domlogs/*/*"
Need help.
-
This would be better asked on a CSF forum. (?) (I assume that you actually mean Apache 2.4 HTTP Server.) The standard CSF settings are fine, if you use the recommended combined logs. - Home /
- Service Configuration /
- Apache Configuration /
- Piped Log Configuration
0 -
( Thanks for the edit, @moderator - didn't spot it actually linked to a server, d'oh! ) 0 -
@toplisek - can you let us know what specifically you are trying to change? 0 -
I try to secure login inside OpenCart. I do not know if folder is the correct path. An example: should we use / or without, \/admin/index\.php. nano /usr/local/csf/bin/regex.custom.pm # XMLRPC if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) { return ("WP XMLPRC Attack",$1,"XMLRPC","5","80,443","1"); } # OC-LOGINS Users if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/admin/index\.php.*" /)) { return ("OC Login Attack",$1,"OCLOGIN","5","80,443","1"); } # OC-LOGINS Administrator if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/admin/index\.php.*" /)) { return ("OC Login Attack",$1,"OCLOGIN","5","80,443","1"); } nano /etc/csf/csf.conf 0 -
Why not just use {HTACCESS_LOG} in the regex.custom.pm? The only reason I can think of offhand, for using a custom log, is to monitor a particular cPanel account/domain, in which case use a specific domlog. I note that your copy/paste of the custom regex appears to be incorrect - the test for user and admin are identical. :-\ Also note that the CSF forum is likely a better venue for these questions. 0
Please sign in to leave a comment.
Comments
5 comments