<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Syslog on BIFIT Mitigator</title>
    <link>https://docs.mitigator.ru/v26.04/en/tags/syslog/</link>
    <description>Recent content in Syslog on BIFIT Mitigator</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language><atom:link href="https://docs.mitigator.ru/v26.04/en/tags/syslog/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Blocking IP on MITIGATOR with Nginx and Fail2ban</title>
      <link>https://docs.mitigator.ru/v26.04/en/integrate/fail2ban/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://docs.mitigator.ru/v26.04/en/integrate/fail2ban/</guid>
      <description>The following web server security configuration is described:
the Nginx module ngx_http_limit_req detects when the request limit is exceeded;
fail2ban analyzes error.log, where Nginx reports the exceeded limits;
the IP is added to the block list through the MITIGATOR API.
MITIGATOR API client
There is a script mitigator.py (download) to manage MITIGATOR, in particular to temporarily block an IP address via the MITIGATOR API. If necessary, the script can be modified to perform any other actions on MITIGATOR.</description>
    </item>
    <item>
      <title>Syslog Sender Hostname</title>
      <link>https://docs.mitigator.ru/v26.04/en/install/advanced/syslog-host/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://docs.mitigator.ru/v26.04/en/install/advanced/syslog-host/</guid>
      <description>To configure the syslog sender hostname:
Create a YML file named docker-compose.syslog.yml with the following content:
services:
  gateway:
    hostname: &amp;#34;desired sender name&amp;#34;
Add docker-compose.syslog.yml to the COMPOSE_FILE list in the .env file:
sed -i &amp;#39;s/^COMPOSE_FILE=\(.*\)$/COMPOSE_FILE=\1:docker-compose.syslog.yml/&amp;#39; .env
Restart MITIGATOR:
docker-compose down &amp;amp;&amp;amp; docker-compose up -d</description>
    </item>
    <item>
      <title>Executing Scripts on Log Events</title>
      <link>https://docs.mitigator.ru/v26.04/en/integrate/syslogng/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://docs.mitigator.ru/v26.04/en/integrate/syslogng/</guid>
      <description>By setting up syslog-ng, as well as syslog translation on the MITIGATOR side, you can execute arbitrary scripts: blocking scripts, protection switching, BGP route switching, and so on.
Syslog record format.
Syslog-ng setup
The configuration is written to /etc/syslog-ng/conf.d/mitigator.conf.
Parameters for receiving messages (protocol, port) must match the settings in the MITIGATOR web interface. The expect-hostname option is required because the hostname is specified in the messages.
source s_udp { syslog(transport(&amp;#34;udp&amp;#34;) flags(expect-hostname)); };
All MITIGATOR messages have the same program name, by which you can filter them:</description>
    </item>
    <item>
      <title>Web Server Log Analyzer</title>
      <link>https://docs.mitigator.ru/v26.04/en/integrate/log-analyzer/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>https://docs.mitigator.ru/v26.04/en/integrate/log-analyzer/</guid>
      <description>Info: The log analysis functionality is additionally licensed.
Logan is a MITIGATOR feature for analyzing the logs of a protected web server (HTTP, HTTPS) and detecting anomalies and attacking addresses. Protected servers send their logs to Logan using syslog RFC 3164 (UDP, TCP).
Logan can be located on the same server as the rest of MITIGATOR, or separately.
Logan on MITIGATOR Instance
The following steps assume that an instance of MITIGATOR has already been installed.</description>
    </item>
  </channel>
</rss>