Detect suspicious activity with nginx
rami.essaid at gmail.com
Wed Aug 10 00:48:26 UTC 2011
In my opinion you don't want to rely on nginx to do the analytics simply to
log suspicious activity but rather need to look at a better
log analyzing solution. Have you checked out Splunk? It is a very powerful
log analyzer that will allow you to more intelligently parse the logs and
has a free licence.
On Tue, Aug 9, 2011 at 5:17 PM, Maxime Ducharme <max at techboom.com> wrote:
> Hi guys
> We are looking for a way to detect suspicious activity on high-traffic
> websites. Parsing log files is not a good option here, our current nginx
> config generates around 90G of logs for around 412K http requests each
> We are looking to use nginx to detect suspicious activity and generate
> precise log when it happens for post-processing.
> Some tools we are looking for would be something like
> - Detect IPs which accessed /uri1/ X times without accessing other URI
> in a period of time Y.
> - Detect IPs that are indexing our site by accessing sequential uris
> like /uri123, /uri124, /uri125, ...
> We are using load balancing services (haproxy), we enabled realip module
> in nginx, we need something that can work with it.
> If you have any pointers / ideas / module names that could help us,
> please let me know.
> Have a good day
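The two heuristics listed in the quoted message, run as post-processing over access-log lines. This is an added example, not part of the original thread. It assumes nginx's "combined" log format with the real client address in the first field; the thresholds `x`, `y`, `run` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in nginx's "combined" format; the first field is
# assumed to already be the real client address (realip behind haproxy).
SAMPLE_LOG = """\
203.0.113.5 - - [09/Aug/2011:17:00:01 +0000] "GET /uri1/ HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [09/Aug/2011:17:00:02 +0000] "GET /uri1/ HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [09/Aug/2011:17:00:04 +0000] "GET /uri1/ HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [09/Aug/2011:17:00:05 +0000] "GET /uri123 HTTP/1.1" 200 900 "-" "-"
198.51.100.7 - - [09/Aug/2011:17:00:06 +0000] "GET /uri124 HTTP/1.1" 200 900 "-" "-"
198.51.100.7 - - [09/Aug/2011:17:00:07 +0000] "GET /uri125 HTTP/1.1" 200 900 "-" "-"
192.0.2.9 - - [09/Aug/2011:17:00:08 +0000] "GET /uri1/ HTTP/1.1" 200 512 "-" "-"
192.0.2.9 - - [09/Aug/2011:17:00:09 +0000] "GET /about HTTP/1.1" 200 300 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')
SEQ_RE = re.compile(r'^(.*?)(\d+)$')   # URI split into prefix + trailing number
def parse(text):
    """Yield (ip, epoch_seconds, uri) for each parseable line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts.timestamp(), m.group(3)

def detect(text, x=3, y=60, run=3):
    """Return (single_uri_ips, sequential_ips) as two sets of addresses."""
    recent = defaultdict(list)   # ip -> [(time, uri)] seen in the last y seconds
    streak = {}                  # ip -> (prefix, last_number, run_length)
    single, sequential = set(), set()
    for ip, t, uri in parse(text):
        window = recent[ip] = [(ts, u) for ts, u in recent[ip] if t - ts <= y] + [(t, uri)]
        # Rule 1: at least x hits inside the window, all on one URI.
        if len(window) >= x and len({u for _, u in window}) == 1:
            single.add(ip)
        # Rule 2: same prefix, numeric suffix growing by exactly 1 each request.
        m = SEQ_RE.match(uri)
        if m:
            prefix, n = m.group(1), int(m.group(2))
            p, last, length = streak.get(ip, (None, None, 0))
            length = length + 1 if (p == prefix and n == last + 1) else 1
            streak[ip] = (prefix, n, length)
            if length >= run:
                sequential.add(ip)
        else:
            streak.pop(ip, None)   # a non-numbered URI breaks the run
    return single, sequential
```

State is kept per address only for the last `y` seconds, so the same logic can be fed a log stream line by line instead of a stored file.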