Search found 3 matches
- 15 Oct 2015, 23:04
- Forum: General Discussion (csf)
- Topic: help with logfile parsing
- Replies: 3
- Views: 2554
Re: help with logfile parsing
I turned on DEBUG and collected some logs, but DEBUG mode unfortunately still doesn't aggregate any failed logins. It logs startup and shutdown process, successful logins, and blocks, but not the individual failures that caused the blocks. (This actually makes the log harder to parse because there a...
- 29 Sep 2015, 21:26
- Forum: General Discussion (csf)
- Topic: help with logfile parsing
- Replies: 3
- Views: 2554
Re: help with logfile parsing
Thanks a lot, DEBUG mode will make the job a lot more straightforward! I will mess with BLOCK_REPORT and see what I can get out of that; it would be simpler for many reasons to log these to MySQL in realtime, rather than having to go back through logs after the fact. Unfortunately the usernames of l...
- 29 Sep 2015, 18:56
- Forum: General Discussion (csf)
- Topic: help with logfile parsing
- Replies: 3
- Views: 2554
help with logfile parsing
I'm looking to collect data about attackers , and I've been able to get started by parsing lfd.log into a database, but lfd.log only shows brutes ; it doesn't show all failed logins and port knocks. I'd like to be able to get all failures. I have found the list of logs at the bottom of the csf.conf...