Configuration question
Posted: 07 Apr 2023, 17:36
Hi, I have CSF monitoring one of my files, and it's not picking up non-standard log lines generated by LiteSpeed. I have a ton of these:
2023-04-07 10:44:40.487175 [NOTICE] [12043] [T0] [[redacted]:39787-22#_AdminVHost:lsapi] [STDERR] [WebAdmin Console] Failed Login Attempt - username: admin ip: 185.220.100.253 url: https://[redacted]/login.php\n
By my understanding, I should just have to add the log file to (for example) CUSTOM3_LOG in csf.conf, and then write a regex for regex.custom.pm that pulls the offending IP out of the above info - correct?
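One way to write the regex.custom.pm rule the post describes, as an added example that is not part of the original post or of CSF's shipped files. The log path, the rule id `lswebadmin`, the trigger count, port 7080 and the block time are assumptions, the sample lines are constructed, and the `%globlogs` stub and the loop at the bottom exist only so the rule runs stand-alone (in regex.custom.pm only the `if` block goes inside `custom_line`).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed path: the post does not say where LiteSpeed writes this log.
my $LSWS_LOG = '/path/to/lsws/logs/error.log';

# Stand-in for the table lfd builds from csf.conf (CUSTOM3_LOG = "<that path>").
our %globlogs = (CUSTOM3_LOG => { $LSWS_LOG => 1 });

# Same shape as custom_line() in regex.custom.pm: one log line plus its file.
sub custom_line {
    my ($line, $lgfile) = @_;

    # The username is client-supplied text, so the pattern is greedy up to the
    # last " ip: " and anchored at end of line: the address captured is the one
    # LiteSpeed wrote, not one embedded in the username. IPv4 only.
    if (($globlogs{CUSTOM3_LOG}{$lgfile}) and ($line =~ /\[WebAdmin Console\] Failed Login Attempt - username: .* ip: (\d+\.\d+\.\d+\.\d+) url: \S+\s*$/)) {
        # description, IP, rule id, failures before block, ports, block seconds
        # (id, count, port and duration are assumed values; tune for your host)
        return ("Failed LiteSpeed WebAdmin login from", $1, "lswebadmin", "5", "7080", "3600");
    }
    return 0;    # no match: lfd ignores the line
}

# Constructed sample lines modelled on the one in the post.
my $prefix = '2023-04-07 10:44:40.487175 [NOTICE] [12043] [T0] '
           . '[203.0.113.10:39787-22#_AdminVHost:lsapi] [STDERR] [WebAdmin Console] ';
my @samples = (
    # plain failed login
    [$LSWS_LOG, $prefix . 'Failed Login Attempt - username: admin ip: 198.51.100.7 url: https://host.example/login.php\n'],
    # username that itself contains an "ip:" field; the logged address must win
    [$LSWS_LOG, $prefix . 'Failed Login Attempt - username: a ip: 192.0.2.1 url: x ip: 198.51.100.7 url: https://host.example/login.php\n'],
    # unrelated line in the same log
    [$LSWS_LOG, $prefix . 'Successful Login - username: admin ip: 198.51.100.7'],
    # matching text, but from a file that is not CUSTOM3_LOG
    ['/var/log/other.log', $prefix . 'Failed Login Attempt - username: admin ip: 198.51.100.7 url: https://host.example/login.php\n'],
);

for my $s (@samples) {
    my ($file, $line) = @$s;
    my @hit = custom_line($line, $file);
    print $hit[0] ? "BLOCK candidate $hit[1] (rule $hit[2])\n" : "no match\n";
}
```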