Skip to content

Commit 9764be3

Browse files
atomicturtleatomicturtle
authored
Merge pull request #1787 from Nono-m0le/patch-1
Adding lighttpd decoder/rules
2 parents fc25543 + a3c7169 commit 9764be3

File tree

2 files changed

+15
-0
lines changed

2 files changed

+15
-0
lines changed

etc/decoder.xml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1953,6 +1953,14 @@ Jan 8 19:32:41 tp.lan dropbear[15165]: Pubkey auth succeeded for 'root' with ke
19531953
<order>srcip, action, id</order>
19541954
</decoder>
19551955

1956+
<!-- lighttpd.
1957+
- Examples:
1958+
- 2019-10-29 05:24:27: (mod_fastcgi.c.2543) FastCGI-stderr: PHP Fatal error: Uncaught ErrorException: Unknown: [CLOSED] IMAP connection broken (server response) (errflg=1) in Unknown:0
1959+
-
1960+
-->
1961+
<decoder name="lighttpd">
1962+
<prematch_pcre2>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d: \(</prematch_pcre2>
1963+
</decoder>
19561964

19571965

19581966
<!-- Racoon VPN.

etc/rules/lighttpd_rules.xml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
<group name="local,lighttpd">
2+
<rule id="56201" level="10">
3+
<decoded_as>lighttpd</decoded_as>
4+
<regex>fastcgi</regex>
5+
<description>FastCGI error message.</description>
6+
</rule>
7+
</group>

0 commit comments

Comments
 (0)