1 ; YYYY/MM/DD HH:MM:SS [LEVEL] PID:TID yadda yadda
2 [Nginx messages grouped.]
3 log 1 pass = 2014/12/30 06:07:37 [yadda] 80:2 yadda yadda
7 decoder = nginx-errorlog
10 log 1 pass = 2014/12/30 06:07:37 [error] 80:2 yadda yadda
14 decoder = nginx-errorlog
16 [Nginx warning message.]
17 log 1 pass = 2014/12/30 06:07:37 [warn] 80:2 yadda yadda
21 decoder = nginx-errorlog
23 [Nginx critical message.]
24 log 1 pass = 2014/12/30 06:07:37 [crit] 80:2
28 decoder = nginx-errorlog
30 [Server returned 404 (reported in the access.log).]
31 log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah failed (2: No such file or directory)
32 log 2 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah is not found (2: No such file or directory)
36 decoder = nginx-errorlog
38 [Incomplete client request.]
39 log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah accept() failed (53: Software caused connection abort)
43 decoder = nginx-errorlog
45 [Initial 401 authentication request.]
46 log 1 pass = 2015/01/08 11:31:23 [error] 80:2 no user/password was provided for basic authentication
50 decoder = nginx-errorlog
52 [Web authentication failed.]
53 log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda password mismatch, client yadda
54 log 2 pass = 2015/01/08 11:31:23 [error] 80:2 yadda was not found in yadda
58 decoder = nginx-errorlog
60 # Can't yet test frequency <rule id="31316" level="10" frequency="6" timeframe="240">
61 ;[Multiple web authentication failures.]
65 ;decoder = nginx-errorlog
67 [Common cache error when files were removed.]
68 log 1 pass = 2015/01/08 11:31:23 [crit] 80:2 yadda yadda failed (2: No such file or directory
72 decoder = nginx-errorlog
74 [Invalid URI, file name too long.]
75 log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda yadda failed (36: File name too long)
79 decoder = nginx-errorlog
projects / ossec-hids.git / blob