Hi, I have CSF monitoring one of my files, and it's not picking up non-standard log lines generated by LiteSpeed. I have a ton of these:
2023-04-07 10:44:40.487175 [NOTICE] [12043] [T0] [[redacted]:39787-22#_AdminVHost:lsapi] [STDERR] [WebAdmin Console] Failed Login Attempt - username: admin ip: 185.220.100.253 url: https://[redacted]/login.php\n
By my understanding, I should just have to add the log file to (for example) CUSTOM3_LOG in csf.conf, and then write a regex for regex.custom.pm that pulls the offending IP out of the above info - correct?
Configuration question
Re: Configuration question
Yes, you are correct.
You have to declare the log that you want your rule to check and save the PATH on a CUSTOM_LOG that is not used by any other process.
After that you can create your own rule.
You have to declare the log that you want your rule to check and save the PATH on a CUSTOM_LOG that is not used by any other process.
After that you can create your own rule.