search

ReJeCtAll / naxsi

Automatically exported from code.google.com/p/naxsi
Other
0 stars 0 forks source link

other way to parse nginx log for rules #39

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
hi
is there any way we can generate white rules?
i have installed python26 for centos5 - .py files just hangs for 15-20min still 
nothing...
maybe we can take log and parse it different way???

thank you

Original issue reported on code.google.com by design...@gmail.com on 27 Jun 2012 at 8:25

GoogleCodeExporter commented 8 years ago 
Hi, 

What is the size of your logfile ? 
The parsing can be very slow because we have to parse every line, but 20 
minutes seem to be very long. 
You can also generate whitelist with nx_intercept and nx_extract (the "classic" 
 way, see the wiki for more information).

Original comment by sephirot...@gmail.com on 5 Jul 2012 at 5:42

GoogleCodeExporter commented 8 years ago 
Hello,

Next version (0.48) is making log files imports 60 times faster.
Please give a try to SVN to see if fix is ok for you !

Best regards,

Original comment by ori...@gmail.com on 16 Jul 2012 at 3:59

GoogleCodeExporter commented 8 years ago 
python26 nx_extract.py naxsi-ui.conf
Traceback (most recent call last):
  File "nx_extract.py", line 14, in <module>
    from twisted.web.guard import HTTPAuthSessionWrapper, DigestCredentialFactory
  File "/usr/lib64/python2.6/site-packages/twisted/web/guard.py", line 10, in <module>
    from twisted.web._auth.wrapper import HTTPAuthSessionWrapper
  File "/usr/lib64/python2.6/site-packages/twisted/web/_auth/wrapper.py", line 17, in <module>
    from twisted.python.components import proxyForInterface
ImportError: cannot import name proxyForInterface

Original comment by design...@gmail.com on 17 Jul 2012 at 7:22

GoogleCodeExporter commented 8 years ago 
KAMON GUYS :)
im getting more help from iptables firewall than your naxsi. banning lamers all 
the way.

month trying to make it work, and still nothing...

ok. could you please explain why do i see naxsi entries in nginx error log, 
running exploit script, but nothing shows that naxsi sees this shit... nothing 
in db, nothing in web interface... does it work at all??????
zero help from this software..

hm, do i need these white-rules???
what if i run it in non-learning mode? without any whitelist etc...

im just going to uninstall this crap at the end of this week if nothing 
changes...

and your wiki page just something... for god sake....

Original comment by design...@gmail.com on 17 Jul 2012 at 11:31

GoogleCodeExporter commented 8 years ago 
Hello,

>ok. could you please explain why do i see naxsi entries in nginx error log, 
running >exploit script, but nothing >shows that naxsi sees this shit... 
nothing in db, >nothing in web interface... does it work at all??????
So far, 10 times out if 10, this kind of "issue", is related to incorrect 
software configuration. Posting your configuration might help. And yes, people 
do use it with success. Other people facing the same issue solved it.

On another hand, "running exploit script" while in learning mode makes no 
sense. I think you misunderstood the goal of the learning mode.

>zero help from this software..
Actually, we asked you a question (see current issue), but you did not reply.

>hm, do i need these white-rules???
>what if i run it in non-learning mode? without any whitelist etc...
Asking this might suggest you do not have a good understanding of how the 
software works.

>im just going to uninstall this crap at the end of this week if nothing 
changes...
This is an open source project, so people work on it on their free time, I 
think you should show a bit more respect if you actually expect any help. The 
way you are acting seems more than inappropriate to me.

>and your wiki page just something... for god sake....
We are aware that the documentation is lacking, and we are working on it.
On the other hand, this is the good point of open source : If you are not happy 
with it, you can fix it. If you think the wiki is not precise enough, posting 
an issue with the things that are missing / incorrect in the documentation 
might be more helpful than "it sucks". Or even better, propose changes, harder 
than just complaining, but waaaay more efficient.

Original comment by ori...@gmail.com on 18 Jul 2012 at 9:34

GoogleCodeExporter commented 8 years ago 
hm, it is all your wiki,
configured like you said.

i am not creating my own settings... default.
THATS WHAT IM TALKING ABOUT - NO STRAIGHT FORWARD MANUALS AVAILABLE!!!!!

what to do to make it work just plug and play????

Original comment by design...@gmail.com on 18 Jul 2012 at 12:43

GoogleCodeExporter commented 8 years ago 
That's the other bright side of open source, I can get rid of people like you 
without even the slightest remorse.

Want plug & play ? Give your money to an appliance vendor, this is what you 
need.

PS: Regarding how fast you manage to lower my expectations in humanity, I 
decided not to help you.

Original comment by ori...@gmail.com on 18 Jul 2012 at 1:19

GoogleCodeExporter commented 8 years ago

Original comment by ori...@gmail.com on 18 Jul 2012 at 1:21