We have the purchased rule set and are attempting to configure it with LiteSpeed. We have installed WPsyslog2 onto one of our sites and made a bad logon attempt. It was correctly written to syslog with the following:
Nov 12 09:20:52 ws1 core[8661]: [XXX.XXX.XXX.XXX na] http://www.somesite.com Info: User authentication failed. User name: badperson
<decoder name="wordpress">
  <program_name>^WPsyslog</program_name>
  <prematch>^[</prematch>
  <regex offset="after_prematch">^(\d+.\d+.\d+.\d+) </regex>
  <order>srcip</order>
</decoder>
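
Added example (not part of the original post, and not OSSEC code): a Python check that splits the sample line into syslog header fields the way a syslog pre-decoder would, then tests each field of the decoder above against the result. The header pattern, the function names and the second sample line are assumptions for illustration; the decoder patterns are hand-translated to Python `re` on the assumption that OSSEC's regex dialect treats `.` and `[` as literal characters.

```python
import re

# Line from the post; the poster redacted the source IP as XXX.
POSTED_LINE = ("Nov 12 09:20:52 ws1 core[8661]: [XXX.XXX.XXX.XXX na] "
               "http://www.somesite.com Info: User authentication failed. "
               "User name: badperson")
# Constructed line: same shape, documentation IP, tag chosen to suit the decoder.
CONSTRUCTED_LINE = ("Nov 12 09:20:52 ws1 WPsyslog[8661]: [203.0.113.7 na] "
                    "http://www.example.com Info: User authentication failed. "
                    "User name: badperson")

# Classic syslog header: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_HEADER = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<program_name>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$")

# Decoder fields from the post, translated to Python syntax (assumption:
# '.' and '[' are literals in the original, so they are escaped here).
PROGRAM_NAME = re.compile(r"^WPsyslog")
PREMATCH = re.compile(r"^\[")
SRCIP = re.compile(r"^(\d+\.\d+\.\d+\.\d+) ")

def predecode(line):
    """Split a syslog line into header fields; raise if it has no header."""
    m = SYSLOG_HEADER.match(line)
    if m is None:
        raise ValueError("not a syslog-formatted line")
    return m.groupdict()

def check_decoder(line):
    """Report each decoder stage separately so a mismatch is easy to locate.
    A real decoder stops at the first stage that fails."""
    fields = predecode(line)
    msg = fields["message"]
    pre = PREMATCH.search(msg)
    # offset="after_prematch": the regex starts where the prematch ended.
    ip = SRCIP.search(msg[pre.end():]) if pre else None
    return {
        "program_name": fields["program_name"],
        "program_name_ok": PROGRAM_NAME.search(fields["program_name"]) is not None,
        "prematch_ok": pre is not None,
        "srcip": ip.group(1) if ip else None,
    }

if __name__ == "__main__":
    for sample in (POSTED_LINE, CONSTRUCTED_LINE):
        print(check_decoder(sample))
```
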