[HowTo] check text (log) file for growth?

rasc · Post by **rasc** » Wed Mar 09, 2011 3:58 am

Hi all,

hope one of you got an idea how to solve DOS attacks against our mail server (using HostMon)*.
I liked to watch the log file and if it grows for more than X [lines | kB] per time get alarmed.

How would I achieve that in HM?

Thanks, Rasc

*The issue is: Every other week any 'malicious person' tries to spy out usernames/passwords of local POP3 accounts.
After enough attacks the server crashes.

Unfortunately the log (plain text log file) is pretty bad/unusable. A typical login looks like
Connection from 1.2.3.4, Wed Mar 09 10:17:06 2011
User Fred, (2) 0 messages, 0 bytes
0 sec. elapsed, connection closed Wed Mar 09 10:17:06 2011
and a typical attack like this:
Connection from 178.239.83.1, Wed Mar 09 10:15:17 2011
1 sec. elapsed, connection closed Wed Mar 09 10:15:18 2011

KS-Soft Europe · Post by **KS-Soft Europe** » Wed Mar 09, 2011 8:18 am

You may setup "Folder/File Size" test and Action with "Advanced mode" and expression like:

Code: Select all

('%SuggestedReply%'-'%SuggestedLastReply%') > '3 Kb'

Please check the manual or visit our web site for more information at:
Advanced action: http://www.ks-soft.net/hostmon.eng/mfra ... ncedaction
Folder/File Size test: http://www.ks-soft.net/hostmon.eng/mfra ... tm#dirsize

rasc · Post by **rasc** » Wed Mar 09, 2011 11:27 am

Thank you very much for your suggestion. Works like a charm!

rasc · Post by **rasc** » Wed Mar 09, 2011 9:23 pm

...really works like a charm!
Had to get up tonight at 02:40 am and 4:10 am because POP3 and IMAP were attacked. But that's much better than 30min server downtime

Thanks again!

KS-Soft · Post by **KS-Soft** » Thu Mar 10, 2011 10:39 am

You are welcome

Regards
Alex