
logcheck and apache



Hello all,
I have logcheck running on a couple of servers, and it doesn't scan the
apache logs by default, so there are also no default logcheck ignore
rules.  I have added the apache logs to logcheck's searchlist, and now
of course I get ridiculous volumes of mail from it.  I can pretty easily
trim out IPs on the LAN, but I was wondering if anybody had a good
ruleset that would let me trim out junk easily.

The problem is, there are plenty of normal GET requests and so forth that
I don't need to see, but there are also some malicious ones (worms and
so forth) that maybe I should see.  All of the ones I've seen so far are
either Nimda or other IIS ones, but that doesn't mean a Linux-based one
won't come along, so I don't want to filter all GETs.

Anyone have one handy?  Feel free to reply off-list if it's large.

TIA,
Steve
-- 
BOFH excuse #436:
Daemon escaped from pentagram
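
An added example, not part of the original message: one way to approach the question is an allow-list ignore rule that hides only successful GETs for plain static paths and leaves everything else in the report. logcheck ignore rules are extended regular expressions, so `grep -E` can preview the effect; the extension list, function names and sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: preview a candidate logcheck ignore rule with grep -E.
# The rule is an allow-list: it hides only GETs that succeeded (200/304) for
# "/" or a plain static file, with no query string, "%" escapes or ".." parts.
# The extension list is an assumption; adjust it to the site.
IGNORE_RULE='^[0-9]{1,3}(\.[0-9]{1,3}){3} [^ ]+ [^ ]+ \[[^]]+\] "GET (/|(/[A-Za-z0-9_-]+)*/[A-Za-z0-9_-]+\.(html|css|js|png|gif|jpg|ico)) HTTP/1\.[01]" (200|304) [0-9-]+( .*)?$'

# Constructed sample lines in Apache common log format (documentation IPs).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [12/Mar/2003:10:01:02 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2003:10:01:03 +0000] "GET /images/logo.png HTTP/1.1" 304 -
198.51.100.7 - - [12/Mar/2003:10:02:11 +0000] "GET /docs/faq.html HTTP/1.0" 200 8812
203.0.113.5 - - [12/Mar/2003:10:03:40 +0000] "GET /scripts/..%5c../example.exe?/c+dir HTTP/1.0" 404 290
203.0.113.5 - - [12/Mar/2003:10:03:41 +0000] "GET /missing.html HTTP/1.0" 404 287
203.0.113.9 - - [12/Mar/2003:10:04:00 +0000] "GET /cgi-bin/search.cgi?q=test HTTP/1.1" 200 1024
203.0.113.9 - - [12/Mar/2003:10:04:05 +0000] "POST /cgi-bin/form.cgi HTTP/1.1" 200 64
EOF
}

# Lines logcheck would still report: everything the ignore rule does not match.
reported_lines() {
    sample_log | grep -Ev "$IGNORE_RULE"
}

# Number of lines the rule would hide from the report.
ignored_count() {
    sample_log | grep -Ec "$IGNORE_RULE"
}

reported_lines
```

Because the rule describes what is known to be boring rather than what is known to be hostile, errors, query strings, encoded paths and non-GET methods stay in the mail without needing a signature for each worm.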
