Wiki page [scripts] by mario 2020-12-09 09:45:44.
## Log processors / filters
A small sample of log filter scripts (from scripts/) is available under <kbd>Log</kbd> →
<kbd>Report</kbd> and → <kbd>Preprocess</kbd>.
> There aren't many yet, because this is slightly hamstrung by the virtually
> unparsable Apache log formats. In particular, any "extended" log formats
> aren't extractable with just cut/awk and similar shell constructs, because
> the log field order is arbitrary and thus incompatible across different
> setups. (And no, the standard combined format itself isn't useful to
> scan for more interesting attributes. Nor is the mish-mash of delimiters
> and the mid-90s datetime format.)

Nonetheless, you can probably use some of the reports, in particular the
netnea rulereport scripts. They basically craft exception rules similar to
the modseccfg recipes, but show them all at once, to cherry-pick from.
You can keep the rule report window open alongside the main window, which
makes it slightly more useful than even the log tab.

Report and preprocess scripts are just bundled with modseccfg for convenience.
You can easily copy them out of the scripts/ directory if you want
to keep using them independently. (If anyone wants an installer .deb bundle,
please drop a mail.)
#### Add your own
Use `locate modseccfg/scripts` to find the scripts/ directory. **Do not** save
your own scripts there; just symlink them in. (Otherwise they will get deleted with
any update.)
Each script (even if just a slim shell wrapper) requires a little description
block at the top, with at least:

    # type: report
    # category: mytools
    # title: search for common issue...
    grep "error" "$1"   # or whatever

You can parameterize the scripts likewise, or even have a `# type: image`
report.
See the `scripts/__init__.py` documentation block for details.
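
A fuller report script in the same shape, as an added example that is not part of modseccfg or the netnea scripts: it tallies ModSecurity rule hits per rule id and URI. It assumes the log path arrives as `$1` (as in the sample above) and that the error log carries ModSecurity's `[id "..."]` and `[uri "..."]` tags; `rule_hits`, `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# type: report
# category: mytools
# title: ModSecurity rule hits per id and URI
#
# Added example, not a script bundled with modseccfg. Assumptions: the log
# path arrives as $1, and ModSecurity messages carry [id "..."] / [uri "..."].

# Print "count id uri", most frequent first.
rule_hits() {
    # Match the tags by name rather than by column, since field positions
    # differ between setups. Lines without both tags are dropped.
    sed -n 's/.*\[id "\([0-9]*\)"].*\[uri "\([^"]*\)"].*/\1 \2/p' "$1" |
        LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2n |
        awk '{ $1 = $1; print }'    # strip the padding uniq -c adds
}

# Constructed, abbreviated error.log lines for trying the function offline.
sample_log() {
    cat <<'EOF'
[Wed Dec 09 09:40:01 2020] [:error] [client 192.0.2.10] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/login"]
[Wed Dec 09 09:40:02 2020] [:error] [client 192.0.2.11] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"]
[Wed Dec 09 09:40:03 2020] [core:notice] AH00094: Command line: 'apache2'
[Wed Dec 09 09:40:04 2020] [:error] [client 192.0.2.10] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/login"]
EOF
}

# Run the report only when a log file was handed over.
if [ -n "${1:-}" ]; then
    rule_hits "$1"
fi
```

Because the tags are matched by name, the same script keeps working when the surrounding error log fields are reordered or extended.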
Filters are probably the easiest to craft.