Skip to content

Instantly share code, notes, and snippets.

View rorysavage77's full-sized avatar
🎯
Focusing

Rory Savage rorysavage77

🎯
Focusing
View GitHub Profile
modSecurityLog="./logs/modsec_audit.log"
securityString1="POST /activfoundation/login/oauth/facebook/callback"
securityString2="HTTP/1.1 400 Bad Request"
detailString="CF-Connecting-IP:"
modsecLogFile="./logs/modsec_audit.log"
$/ = "-Z--\n"; ## Input Record Seperator to create chunk
iparray = []
timeary = []
#!/bin/ruby
##################################################################
## modruby - a tools for parsing the modsecurity audit logs and ##
## taking action. ##
##################################################################
$modSecurityLog="./logs/modsec_audit.log"
$securityString1="POST /activfoundation/login/oauth/facebook/callback"
$securityString2="HTTP/1.1 400 Bad Request"
chunk.each_line do |line|
if line =~ /CF-Connecting-IP: (\d+.\d+.\d+.\d+)/
cfConntingIp = line.split("CF-Connecting-IP: ", 2)
puts cfConntingIp
end
end