| | |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Connection closed by ([\S]+) .* |
|---|
| | | |
|---|
| | | [ssh3] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Invalid user \w+ ([\S]+) .* |
|---|
| | | |
|---|
| | | [ssh4] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Disconnected from authenticating user root ([\S]+) .* |
|---|
| | | |
|---|
| | | #[http404] |
|---|
| | | #logfile = /var/www/logs/access.log |
|---|
| | | #regex = (?:\S+\s){1}(\S+).*\s404\s.* |
|---|
| | |
|---|
| | | # Nextcloud: login page |
|---|
| | | # Nextcloud 12 brings protection against brute-force attacks |
|---|
| | | # but 1/ not yet tested so far 2/ system protection is probably more efficient |
|---|
| | | #[nextcloud] |
|---|
| | | #logfile = /var/www/htdocs/datacloud/nextcloud.log |
|---|
| | | #regex = .*Bruteforce attempt from \\"(.*)\\" detected |
|---|
| | | [nextcloud] |
|---|
| | | logfile = /var/www/htdocs/datacloud/nextcloud.log |
|---|
| | | regex = .*Bruteforce attempt from \\"(.*)\\" detected |
|---|
| | | |
|---|
| | | # Nextcloud: public shares protected by password |
|---|
| | | # regex is compliant with NginX log format: |
|---|
| | |
|---|
| | | # log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
|---|
| | | # '$status $body_bytes_sent "$http_referer" ' |
|---|
| | | # '"$http_user_agent" "$http_x_forwarded_for"'; |
|---|
| | | #[nextcloud-share] |
|---|
| | | #logfile = /var/www/logs/access-nextcloud.log |
|---|
| | | #regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200 |
|---|
| | | [nextcloud-share] |
|---|
| | | logfile = /var/www/logs/access-nextcloud.log |
|---|
| | | regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200 |
|---|
