[Dshield] Perhaps some silly questions, but...

John Hardin johnh at aproposretail.com
Tue Sep 17 22:13:24 GMT 2002


> Is anybody parsing apache logs for codered/nimbda 'attacks' and sending that
> up?  I currently dump most of that stuff to /dev/null but perhaps it could
> be useful.

That's easy. In /etc/logrotate.d/apache:

  prerotate
    egrep '"GET .*\.ida\?' /var/log/httpd/access_log | mail -s 'APACHE'
redalert at dshield.org
  endscript


-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 ...people confuse "security" and "Trustworthy Computing."
                                 - Criag Mundie, MS Senior VP and CTO
-----------------------------------------------------------------------
 92 days until The Two Towers




More information about the list mailing list