Nginx log early warning through a DingTalk robot (suspected attack requests)

Time:2022-5-6

1. First, create a group chat in DingTalk.

2. Group settings -> intelligent group assistant -> Add robot -> get the webhook. Its access_token parameter directly replaces the xxxxxx in the curl request below.

3. Run the script directly to start monitoring for warnings.

Here is the script code

while :
do
    # Current time in nginx log format; dropping the last character (the
    # minute's last digit) leaves a prefix that matches a 10-minute window
    formatDate=`date "+%d/%b/%Y:%H:%M" | cat`;
    formatDate=`echo ${formatDate%?}`
    # Same prefix for the window 10 minutes earlier
    agoformatDate=`date -d "10 minute ago" "+%d/%b/%Y:%H:%M" | cat`;
    agoformatDate=`echo ${agoformatDate%?}`
    #echo ${formatDate}\|${agoformatDate}
    # Lines from either window, minus those matching the exclusion string
    log=`tail -1000 access.log | grep -E "${formatDate}|${agoformatDate}" | grep -v "/log rule"`
    #echo $log
    logLength=`expr length "$log"`;
    #echo $logLength;
    if [ $logLength -gt 50 ];then
        echo "The log length is greater than 50, which means there is a suspected attack request; sending a DingTalk warning message";
        # Note: -k turns off TLS certificate verification for this request
        curl -i -k -H "Content-Type: application/json" -X POST -d '{"msgtype": "text", "text": {"content": "suspected attack request, please handle"}}' "https://oapi.dingtalk.com/robot/send?access_token=xxxxxx"
    fi
    sleep 600;
done
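The script above alerts as soon as the filtered text exceeds 50 characters. As an added example (not the original author's code), the same 10-minute window and exclusion filter are written here as functions that count unmatched lines; the allowlist pattern, threshold and sample log lines are constructed, and GNU date is assumed.

```shell
#!/bin/sh
# Added example: the log lines, ALLOW pattern and THRESHOLD are constructed.
ALLOW='"(GET|HEAD) /(index\.html|static/[A-Za-z0-9_-]+\.(js|css))? HTTP/[0-9.]+" (200|304) '
THRESHOLD=1   # alert when more than this many unexpected lines are seen

# 10-minute bucket prefix in nginx time format (minute's last digit dropped),
# e.g. "06/May/2022:14:3". $1 = epoch seconds. LC_ALL=C keeps "May" in English.
bucket_prefix() (
    t=$(LC_ALL=C date -d "@$1" "+%d/%b/%Y:%H:%M")
    printf '%s\n' "${t%?}"
)

# Count lines in the bucket containing $2 (epoch) and the bucket before it
# that do not match the allowlist ERE $3. $1 = log file.
count_unexpected() (
    now=$(bucket_prefix "$2")
    ago=$(bucket_prefix "$(( $2 - 600 ))")
    # "[" anchors the match to the timestamp field, not to text inside the URL
    grep -F -e "[$now" -e "[$ago" "$1" | grep -Evc -e "$3" || true
)

# DingTalk text message; only the numeric count is interpolated, so no
# client-controlled log text can break the JSON.
alert_payload() {
    printf '{"msgtype": "text", "text": {"content": "suspected attack request, please handle (%d lines)"}}\n' "$1"
}

# Constructed sample access log written to $1.
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [06/May/2022:14:12:40 +0800] "GET /admin.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
198.51.100.4 - - [06/May/2022:14:21:05 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.7 - - [06/May/2022:14:26:11 +0800] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.68.0"
198.51.100.4 - - [06/May/2022:14:31:02 +0800] "GET /static/app.js HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [06/May/2022:14:33:47 +0800] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
EOF
}

log=$(mktemp) && make_sample_log "$log"
ref=$(date -d "2022-05-06 14:35:00" +%s)          # stands in for "now"
n=$(count_unexpected "$log" "$ref" "$ALLOW")
[ "$n" -gt "$THRESHOLD" ] && alert_payload "$n"   # pipe to curl -d @- in real use
rm -f "$log"
```

The 14:12 line falls outside both windows and the two allowlisted requests are dropped, so the count is 2.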
