csf custom regex not working
Posted: 09 May 2016, 19:35
I have read through the forums and can't figure out why my Custom Trigger isn't firing...
So, I have a web application which is writing the following to a log file upon Failed Login Attempt.
I am using PHP Error Log Function to write the Failed Attempt:
Code:
error_log("{$x} {$_POST['username']} {$y} {$z} {$zz}", 0);
This generates a Log Entry in the "/var/log/httpd/error_log" as such:
Code:
[Tue May 10 10:23:58 2016] [error] [client 10.80.32.45] Failed Login for User: from IP: 10.80.32.45 port 443 https, referer: http:///
I have added the following to the "/etc/csf/regex.custom.pm":
Code:
#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
sub custom_line {
    my $line = shift;
    my $lgfile = shift;
# Do not edit above this point
###############################################################################
# Blank User Name
    if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^.*Failed Login for User:.*$/)) {
        return ("Failed Login from",$1,"rcflogin","5","30");
    }
# }
###############################################################################
# Do not edit beyond this point
    return 0;
}
1;
I have edited the "/etc/csf/csf.conf" as follows:
Code:
CUSTOM1_LOG = "/var/log/httpd/error_log"
LF_SELECT = 0
I have confirmed that my regex statements work against the log file.
Can anyone point me to something to help debug?
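One way to debug a rule like this offline, as an added example that is not part of the original post or of csf itself: a small Perl harness that runs the posted pattern against the posted log line and prints what `$1` holds, since the rule hands `$1` back as its second return value. The `with_capture` pattern and the `probe` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: offline harness for checking a regex.custom.pm pattern.
use strict;
use warnings;

# Log line copied from the post (blank user name, elided referer kept as posted).
my $line = '[Tue May 10 10:23:58 2016] [error] [client 10.80.32.45] '
         . 'Failed Login for User: from IP: 10.80.32.45 port 443 https, referer: http:///';

# Candidate patterns. "posted" is the one from the post; "with_capture" is an
# assumed variant that puts a capture group around the IPv4 address.
my @candidates = (
    [ posted       => qr/^.*Failed Login for User:.*$/ ],
    [ with_capture => qr/^.*Failed Login for User:.*from IP: (\d{1,3}(?:\.\d{1,3}){3}) / ],
);

# Return (matched, captured) for one pattern, the way custom_line would see $1.
sub probe {
    my ($re, $text) = @_;
    if ($text =~ $re) {
        return (1, $1);    # $1 is undef when the pattern has no capture group
    }
    return (0, undef);
}

for my $c (@candidates) {
    my ($name, $re) = @$c;
    my ($matched, $ip) = probe($re, $line);
    printf "%-13s matched=%s  \$1=%s\n",
        $name,
        $matched ? 'yes' : 'no',
        defined $ip ? "'$ip'" : '(undef, nothing to hand back as the IP)';
}
```

Running it with `perl` shows whether a pattern merely matches the line or also captures an address, which are two separate conditions for a rule that returns `$1`.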