1; Log line format exercised by these tests: YYYY/MM/DD HH:MM:SS [LEVEL] PID:TID message text
2[Nginx messages grouped.]
3log 1 pass = 2014/12/30 06:07:37 [yadda] 80:2 yadda yadda
4
5rule = 31300
6alert = 0
7decoder = nginx-errorlog
8
9[Nginx error message.]
10log 1 pass = 2014/12/30 06:07:37 [error] 80:2 yadda yadda
11
12rule = 31301
13alert = 3
14decoder = nginx-errorlog
15
16[Nginx warning message.]
17log 1 pass = 2014/12/30 06:07:37 [warn] 80:2 yadda yadda
18
19rule = 31302
20alert = 3
21decoder = nginx-errorlog
22
23[Nginx critical message.]
24log 1 pass = 2014/12/30 06:07:37 [crit] 80:2
25
26rule = 31303
27alert = 5
28decoder = nginx-errorlog
29
30[Server returned 404 (reported in the access.log).]
31log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah failed (2: No such file or directory)
32log 2 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah is not found (2: No such file or directory)
33
34rule = 31310
35alert = 0
36decoder = nginx-errorlog
37
38[Incomplete client request.]
39log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah accept() failed (53: Software caused connection abort)
40
41rule = 31311
42alert = 0
43decoder = nginx-errorlog
44
45[Initial 401 authentication request.]
46log 1 pass = 2015/01/08 11:31:23 [error] 80:2 no user/password was provided for basic authentication
47
48rule = 31312
49alert = 0
50decoder = nginx-errorlog
51
52[Web authentication failed.]
53log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda password mismatch, client yadda
54log 2 pass = 2015/01/08 11:31:23 [error] 80:2 yadda was not found in yadda
55
56rule = 31315
57alert = 5
58decoder = nginx-errorlog
59
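60# The test harness cannot yet exercise frequency-based rules, so the test below for <rule id="31316" level="10" frequency="6" timeframe="240"> is commented out. The level-10 "multiple web authentication failures" alert therefore has no regression coverage in this file.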
61;[Multiple web authentication failures.]
62;
63;rule = 31316
64;alert = 10
65;decoder = nginx-errorlog
66
67[Common cache error when files were removed.]
68log 1 pass = 2015/01/08 11:31:23 [crit] 80:2 yadda yadda failed (2: No such file or directory
69
70rule = 31317
71alert = 0
72decoder = nginx-errorlog
73
74[Invalid URI, file name too long.]
75log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda yadda failed (36: File name too long)
76
77rule = 31320
78alert = 10
79decoder = nginx-errorlog
80