webCOMAND

Log Monitor App

The Log Monitor App is used to review requests written to server log files in order to block, challenge and/or rate limit requesters (by IP address) that violate rules, such as making too many requests in a period of time, or making requests that appear to be malicious.

Log Monitor is a paid add-on.  For more information, contact us.

Log Monitor

Launch Log Monitor

To launch the Log Monitor App:

  1. Sign In to webCOMAND.
  2. Click the "Apps" menu in the upper-left.
  3. Select "Log Monitor".

Log Monitors

Add a Log Monitor to watch a specific log file, define rules to match on and update firewall rules accordingly.

The following fields must be filled out for each Log Monitor.

  • Title - Name used to identify the Log Monitor.
  • Description - Brief summary that explains the purpose of the Log Monitor.
  • Firewall - Add and configure the firewall to use to block, challenge and unblock IPs.  Existing options include Firewalld and CloudFlare Web Application Firewall (WAF).
  • Log Source - Add and configure the log file to monitor, including a filename template.
  • Rules - Define any number of rules to be processed for each line in the log file.
  • Active - Must be checked to activate the Log Monitor.

Log Monitor Rules

Add Rules that match on specific conditions and update the firewall accordingly.

Log Monitor Rule

The following fields are used to define each rule.

  • Title - Name to identify the rule.
  • Conditions - Any number of conditions to determine if a line in the log file is considered a match.  If no conditions are specified, the rule will match all requests and can be used for simple rate limiting.
  • Requests - The number of requests allowed within the Period.
  • Period - The time window within which the number of Requests can occur.
  • Action - The action to perform at the firewall: Block, Challenge, etc.
  • Duration - How long the action should remain in place.  If a Challenge action is selected and passed by the requester, it will not be presented again until Duration has passed and the rule matches again.
  • Active - Must be checked to activate the rule.
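
To show how the rule fields above interact, here is an added example (not webCOMAND code) that evaluates one rule over a constructed access log. The names Rule and evaluate are hypothetical. It assumes Common Log Format, conditions written as regular expressions that must all match the line, a sliding Period window, and that the action fires once an IP exceeds Requests.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:12:00:00 +0000] "POST /login HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "POST /login HTTP/1.1" 401 0
198.51.100.20 - - [10/Mar/2025:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2025:12:00:04 +0000] "POST /login HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2025:12:00:06 +0000] "POST /login HTTP/1.1" 401 0
203.0.113.7 - - [10/Mar/2025:12:00:08 +0000] "POST /login HTTP/1.1" 401 0
198.51.100.20 - - [10/Mar/2025:12:05:00 +0000] "POST /login HTTP/1.1" 200 64
""".splitlines()  # constructed sample lines, documentation-range IPs

PREFIX = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')  # client IP and timestamp

@dataclass
class Rule:  # hypothetical model of the rule fields listed above
    title: str
    conditions: list      # regexes; all must match the line (assumption); empty = match all
    requests: int         # requests allowed within the period
    period: timedelta
    action: str
    duration: timedelta
    hits: dict = field(default_factory=lambda: defaultdict(deque))
    active_until: dict = field(default_factory=dict)

def evaluate(rule, lines):
    """Return (ip, action, fired_at, expires_at) for each time the rule fires."""
    fired = []
    for line in lines:
        m = PREFIX.match(line)
        if not m or not all(re.search(c, line) for c in rule.conditions):
            continue  # unparsable line, or a condition did not match
        ip, ts = m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if ip in rule.active_until and ts < rule.active_until[ip]:
            continue  # action still in place for this IP (assumption)
        window = rule.hits[ip]
        window.append(ts)
        while window and ts - window[0] >= rule.period:  # drop hits older than Period
            window.popleft()
        if len(window) > rule.requests:  # allowance exceeded: act at the firewall
            rule.active_until[ip] = ts + rule.duration
            fired.append((ip, rule.action, ts, ts + rule.duration))
            window.clear()
    return fired

login_rule = Rule("Login flood", [r'"POST /login '], 3, timedelta(seconds=60),
                  "Challenge", timedelta(minutes=15))
```

Calling evaluate(login_rule, SAMPLE_LOG) yields a single Challenge for 203.0.113.7 at its fourth matching request; a rule with an empty conditions list counts every request from an IP, which is the simple rate limiting case described under Conditions.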