Date:      Wed, 17 Oct 2001 07:46:40 -0700 (PDT)
From:      David Kirchner <davidk@accretivetg.com>
To:        "Maine LOA List Admin (Brent Bailey)" <brentb@loa.com>
Cc:        <questions@FreeBSD.ORG>
Subject:   Re: nimda & code-red & apache error logs
Message-ID:  <20011017074511.U85958-100000@localhost>
In-Reply-To: <000f01c15705$108529e0$37b4a8c0@pretorian>

On Wed, 17 Oct 2001, Maine LOA List Admin (Brent Bailey) wrote:

> I'm running a 4.3 FBSD machine that has apache 1.3.19 ..I'm aware that these
> viri are intended for IIS webservers ..but on my webservers ... machines
> that are infected with nimda or code-red trying to access my apache
> webservers ..are creating a ton of error logs ..I'm not sure this is affecting
> the performance of the box ..but I know that the amount of windows machines
> infected from these viri is crazy.
>
> Seems most all the machines I've seen trying to access my webserver are from
> class A ip addresses...of 65.x.x.x
> Is there a way to either stop the amount of logging this is causing ?? or at
> least stop the logging from these types of requests..
>
> Brent

The most elegant (i.e. simple) way I've seen people do this is to change
your ErrorLog line from:

ErrorLog /usr/local/example_path/logs/error_log

to:

ErrorLog "|egrep -v '\.exe' >> /usr/local/example_path/logs/error_log"

Someone else here may have a better regular expression to catch them all.
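
An added example, not part of the original message or thread: a narrower filter that diverts the worm probes to a side file instead of discarding them, run on constructed Apache 1.3-style error lines. The pattern (cmd.exe, root.exe, default.ida), the function names and every path are assumptions; on this sample the '\.exe' filter above drops the unrelated setup.exe line and still passes the Code Red default.ida line.

```shell
#!/bin/sh
# Added example; pattern, names and paths are assumptions, not from the thread.
# [.] is used instead of \. so awk -v does not reinterpret the backslash.
WORM_RE='(cmd|root)[.]exe|default[.]ida'

# Read error-log lines on stdin. Lines matching WORM_RE are appended to the
# side file named in $1 (kept as evidence); everything else goes to stdout.
split_worm_noise() {
    awk -v re="$WORM_RE" -v side="$1" '
        $0 ~ re { print >> side; fflush(side); next }
        { print; fflush() }
    '
}

# Constructed sample lines (addresses from the 192.0.2.0/24 documentation range).
sample_log() {
cat <<'EOF'
[Wed Oct 17 07:40:01 2001] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/root.exe
[Wed Oct 17 07:40:02 2001] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
[Wed Oct 17 07:40:05 2001] [error] [client 192.0.2.77] File does not exist: /usr/local/www/data/default.ida
[Wed Oct 17 07:41:10 2001] [error] [client 192.0.2.50] File does not exist: /usr/local/www/data/downloads/setup.exe
[Wed Oct 17 07:42:00 2001] [error] [client 192.0.2.50] File does not exist: /usr/local/www/data/favicon.ico
EOF
}

# Used as a piped logger, the script takes two arguments (hypothetical paths):
#   ErrorLog "|/usr/local/sbin/split_worm_noise.sh /var/log/worm_log /var/log/error_log"
if [ "$#" -eq 2 ]; then
    split_worm_noise "$1" >> "$2"
fi
```

Running `sample_log | split_worm_noise /tmp/worm_log` leaves the setup.exe and favicon.ico lines on stdout and appends the three probe lines to the side file, so the main log stays readable while the probe record is retained.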

