[Dshield] Perhaps some silly questions, but...

John Hardin johnh at aproposretail.com
Tue Sep 17 22:13:24 GMT 2002

> Is anybody parsing apache logs for codered/nimda 'attacks' and sending that
> up?  I currently dump most of that stuff to /dev/null but perhaps it could
> be useful.

That's easy. In /etc/logrotate.d/apache:

    egrep '"GET .*\.ida\?' /var/log/httpd/access_log | mail -s 'APACHE' redalert@dshield.org

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 ...people confuse "security" and "Trustworthy Computing."
                                 - Craig Mundie, MS Senior VP and CTO
 92 days until The Two Towers
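
Added example, not part of the original message: a per-source summary of the same log, matching only the request line so that a Referer containing ".ida?" is not counted. The function names, the constructed sample lines and the Nimda pattern (requests for cmd.exe or root.exe) are assumptions; only the .ida? pattern comes from the post.

```shell
#!/bin/sh
# Count Code Red / Nimda probes per source address in an Apache access log.
# Output: "<count> <family> <source> <first-seen>", highest count first.
classify_worm_probes() {
    awk '
    {
        # Only the request line (first double-quoted field) is inspected, so a
        # Referer that happens to contain ".ida?" is not counted.
        if (split($0, q, "\"") < 3) next
        if (split(q[2], req, " ") < 2) next
        uri = tolower(req[2])
        if (uri ~ /\.ida\?/) family = "codered"            # pattern from the post
        else if (uri ~ /(cmd|root)\.exe/) family = "nimda" # assumed Nimda pattern
        else next
        key = family " " $1
        count[key]++
        if (!(key in first)) { ts = $4; sub(/^\[/, "", ts); first[key] = ts }
    }
    END { for (k in count) print count[k], k, first[k] }
    ' "${1:--}" | sort -k1,1nr -k2,3
}

# Constructed sample lines (documentation addresses), not real traffic.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [17/Sep/2002:14:02:11 -0700] "GET /default.ida?NNNNNNNN%u9090%u6858 HTTP/1.0" 404 283
198.51.100.7 - - [17/Sep/2002:14:03:02 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
198.51.100.7 - - [17/Sep/2002:14:03:03 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [17/Sep/2002:14:03:04 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
203.0.113.5 - - [17/Sep/2002:14:05:09 -0700] "GET /index.html HTTP/1.1" 200 1043 "http://example.org/a.ida?b" "Mozilla/4.0"
192.0.2.10 - - [17/Sep/2002:14:09:40 -0700] "GET /default.ida?NNNNNNNN%u9090%u6858 HTTP/1.0" 404 283
EOF
}

sample_log | classify_worm_probes -
```

The summary can be piped to mail in place of the raw egrep matches.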
