Type: Posts; User: termvrl; Keyword(s):
Hi all,
Thanks for the reply.
I don't use knockd because what I'm trying to do here is basically to write a program that looks for an attempt on a closed port based on the syslog generated.
If the...
Hi All,
Thanks for the reply. It works.
#!/bin/bash
# Quote the pattern so the shell cannot glob-expand [s]ec against a file named "sec"
PID2=$(ps ax | grep '[s]ec' | awk '{print $1}')
kill -USR1 $PID2
Hi all,
I have tried, but still the same error.
root@ubuntu:/home/term# ps ax | grep [s]ec
1669 pts/0 S+ 0:01 perl sec -conf=tim.conf -input=-
root@ubuntu:/home/term#...
Hi all,
I'm trying to write a bash script to translate this command.
$ ps -ax | grep sec
379 p0 S+ 0:00.18 perl sec.pl -conf=C5.1.01.conf -input=- -debug=4 $
kill -USR1 379
Hi all,
I found this code to sum the bytes of the access.log file in Apache.
cat access.log | perl -e 'my $sum=0; while(<>) { my ($traffic) = m/\[.+\] ".+" \d+ (\d+)/; $sum += $traffic}; print...
Hi all,
I just want to know, what is the technology behind the GUI of network/security devices?
The GUI can provide the searching and display info from database, change the configuration on the...
Hi,
I have a problem matching a floating type number.
Let's say I want to match 20.0 in 20.0%us.
My current code:
cpu=$(top -bn1 | grep -oP '\d\d.\d(?=%us)')
But it will prompt error...
Hi Lars,
I managed to solve it by using only this part on "pattern",
pattern=^.*\[msg "([^"]+)".*\[severity "([^"]+).*$
and followed by "action",
Hi,
It seems that it does not recognize the \u\F in the "Severity - \u\F$2/".
So what type of regex does this program use? Is it the same as your link, Perl-based regex?
Hi,
The tutorial was written in 2004. Is it outdated or irrelevant now?
I will try your suggestion on the iptables first. I will give feedback on it.
Hi all,
Thanks for the reply.
Here is the sample conf file (some call it a rule file). In this file, it tries to do a port knocking program. I will start the sshd if two conditions are fulfilled, first...
Hi All,
Thanks for your reply.
First of all, what I'm trying to do is for syslog analysis. I have a centralized syslog server that receives logs from security devices, such as firewall, IDS,...
Hi all,
I would like to know how we can set/enable syslog logging for an attempted connection on a closed port.
I want to test for port knocking. For e.g., if an attempted connection is received on...
Hi,
I'm using a Perl program called sec - simple event correlator.
It has a .conf file for pattern matching using regex. I don't know what kind of regex it uses.
So, is there any way I can find what kind...
Hi all,
I'm new to regex.
What I'm trying to do is to match a few keywords and take them as variables.
For example:
I have a sample log:
192.168.0.13|<131>Nov 22 06:15:36 ubuntu...
Hi, thanks.
I installed pi, and the CPU load hiked very fast. =D
Hi all,
Are there any tools that can boost CPU usage to 100% easily?
Currently I use a simple script doing a never-ending while loop process.
Or maybe a web server stress tool that can DoS the...
Hi,
Thanks for your reply.
This script works for me, but 'bc' needs to be installed first.
#!/bin/bash
cpu=$(top -bn1 | grep -oP '\d\d.\d(?=%us)')
#echo "Test $cpu "
if (( $(bc <<< "$cpu >...
Hi all,
I tried to put it in a bash script.
But I encountered an error.
Here is my script:
#!/bin/bash
cpu=$(top -bn1 | grep -oP '\d.\d(?=%us)')
#echo "Test $cpu "
if[$cpu > 0.0];then
Hi steeldriver,
Thanks for your explanation.
I didn't know that regex has different styles. Thanks again.
Hi,
Thanks for the response.
It works.
I will look more into 'awk' and 'sed'. They're useful.
Hi All,
I tried to use regex to do pattern matching for CPU % usage. I only need the value, 0.0.
The command I use:
top -bn1 | grep "Cpu(s)" | grep ".\.." | grep ".\..%us"
The result:
Hi All,
I want to ask how we can monitor service performance, e.g. Apache CPU & NIC usage, using a script.
I want to use this script with a syslog server; if the Apache CPU & NIC usage is high,...
Thanks for the response...
I am exploring sed.
After googling around, I found that modsec also has a console panel called waf-fle.
Hi, thanks for your response.
I managed to send modsecurity alerts to the SIEM server using rsyslog on my web server.
I was confused between the two types of log provided by modsecurity,...