Hi all,
hope one of you got an idea how to solve DOS attacks against our mail server (using HostMon)*.
I liked to watch the log file and if it grows for more than X [lines | kB] per time get alarmed.
How would I achieve that in HM?
Thanks, Rasc
*The issue is: Every other week any 'malicious person' tries to spy out usernames/passwords of local POP3 accounts.
After enough attacks the server crashes.
Unfortunately the log (plain text log file) is pretty bad/unusable. A typical login looks like
Connection from 1.2.3.4, Wed Mar 09 10:17:06 2011
User Fred, (2) 0 messages, 0 bytes
0 sec. elapsed, connection closed Wed Mar 09 10:17:06 2011
and a typical attack like this:
Connection from 178.239.83.1, Wed Mar 09 10:15:17 2011
1 sec. elapsed, connection closed Wed Mar 09 10:15:18 2011
[HowTo] check text (log) file for growth?
-
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
[HowTo] check text (log) file for growth?
You may setup "Folder/File Size" test and Action with "Advanced mode" and expression like:
Please check the manual or visit our web site for more information at:
Advanced action: http://www.ks-soft.net/hostmon.eng/mfra ... ncedaction
Folder/File Size test: http://www.ks-soft.net/hostmon.eng/mfra ... tm#dirsize
Code: Select all
('%SuggestedReply%'-'%SuggestedLastReply%') > '3 Kb'
Advanced action: http://www.ks-soft.net/hostmon.eng/mfra ... ncedaction
Folder/File Size test: http://www.ks-soft.net/hostmon.eng/mfra ... tm#dirsize