+++ /dev/null
-; YYYY/MM/DD HH:MM:SS [LEVEL] PID:TID yadda yadda
-[Nginx messages grouped.]
-log 1 pass = 2014/12/30 06:07:37 [yadda] 80:2 yadda yadda
-
-rule = 31300
-alert = 0
-decoder = nginx-errorlog
-
-[Nginx error message.]
-log 1 pass = 2014/12/30 06:07:37 [error] 80:2 yadda yadda
-
-rule = 31301
-alert = 3
-decoder = nginx-errorlog
-
-[Nginx warning message.]
-log 1 pass = 2014/12/30 06:07:37 [warn] 80:2 yadda yadda
-
-rule = 31302
-alert = 3
-decoder = nginx-errorlog
-
-[Nginx critical message.]
-log 1 pass = 2014/12/30 06:07:37 [crit] 80:2
-
-rule = 31303
-alert = 5
-decoder = nginx-errorlog
-
-[Server returned 404 (reported in the access.log).]
-log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah failed (2: No such file or directory)
-log 2 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah is not found (2: No such file or directory)
-
-rule = 31310
-alert = 0
-decoder = nginx-errorlog
-
-[Incomplete client request.]
-log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah accept() failed (53: Software caused connection abort)
-
-rule = 31311
-alert = 0
-decoder = nginx-errorlog
-
-[Initial 401 authentication request.]
-log 1 pass = 2015/01/08 11:31:23 [error] 80:2 no user/password was provided for basic authentication
-
-rule = 31312
-alert = 0
-decoder = nginx-errorlog
-
-[Web authentication failed.]
-log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda password mismatch, client yadda
-log 2 pass = 2015/01/08 11:31:23 [error] 80:2 yadda was not found in yadda
-
-rule = 31315
-alert = 5
-decoder = nginx-errorlog
-
-# Can't yet test frequency <rule id="31316" level="10" frequency="6" timeframe="240">
-;[Multiple web authentication failures.]
-;
-;rule = 31316
-;alert = 10
-;decoder = nginx-errorlog
-
-[Common cache error when files were removed.]
-log 1 pass = 2015/01/08 11:31:23 [crit] 80:2 yadda yadda failed (2: No such file or directory
-
-rule = 31317
-alert = 0
-decoder = nginx-errorlog
-
-[Invalid URI, file name too long.]
-log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda yadda failed (36: File name too long)
-
-rule = 31320
-alert = 10
-decoder = nginx-errorlog