Logagent
Integration instructions for Logagent (version 2.0.73 and above)
Step 1
Basic Configuration
Since Logagent version 0.2.73, the Access Watch plugin is directly integrated with Logagent so you don't have to install anything.
To start the configuration, activate the plugin and define your API key:
outputFilter:
  - module: access-watch
    config:
      apiKey: "YOUR_REVEAL_API_KEY_HERE"
To get your Reveal API Key, just Sign Up.
Step 2
Source Configuration
Now, the plugin needs to know what kind of log types to match and where to find the IP Address and User Agent.
So, if your logs are formatted like this:
logSource: access_log
_type: access_log_combined
client_ip: 107.171.227.185
user_agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
method: POST
path: /wp-login.php
status_code: 200
You can use the following configuration:
outputFilter:
  - module: access-watch
    config:
      apiKey: "YOUR_REVEAL_API_KEY_HERE"
      matchTypes:
        - access_log_combined
      addressSource: client_ip
      userAgentSource: user_agent
Step 3
Destination Configuration
Finally, you need to tell the plugin where to put the augmented data:
outputFilter:
  - module: access-watch
    config:
      apiKey: "YOUR_REVEAL_API_KEY_HERE"
      matchTypes:
        - access_log_combined
      addressSource: client_ip
      userAgentSource: user_agent
      identityDestination: identity
      reputationDestination: reputation
      robotDestination: robot
With that configuration, you'll then get this augmented request:
logSource: access_log
_type: access_log_combined
client_ip: 107.171.227.185
user_agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1
method: POST
path: /wp-login.php
status_code: 200
identity:
  type: robot
reputation:
  status: bad
  threats:
    - brute_force_login
robot:
  id: 4c0cb48f-fdb3-4ac3-b333-bebcf49e80d
  name: Mars
  url: https://access.watch/database/robots/bad/mars
That was easy! If you need help, don't hesitate to contact us.
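Once records carry the identity, reputation and robot fields, a downstream consumer can act on them. The following is an added example, not part of the Logagent or Access Watch code: it triages augmented records and counts alerts per client address. The field names come from the configuration above; SENSITIVE_PATHS, the verdict names, and the second and third sample records are assumptions.

```javascript
// Added example: triage of records augmented by the access-watch output filter.
// Field names (identity, reputation, robot, client_ip, path) come from the page;
// SENSITIVE_PATHS, the verdict names and records 2 and 3 below are assumptions.
const SENSITIVE_PATHS = ['/wp-login.php'];

function triage(event) {
  // A record without the destination fields was never augmented (for example
  // its _type is not listed in matchTypes): say so instead of calling it clean.
  if (!event.identity && !event.reputation) {
    return { verdict: 'unknown', reasons: ['not augmented'] };
  }
  const reputation = event.reputation || {};
  const threats = Array.isArray(reputation.threats) ? reputation.threats : [];
  const reasons = threats.map((t) => 'threat=' + t);
  if (reputation.status === 'bad') reasons.unshift('reputation=bad');
  if ((event.identity || {}).type === 'robot' && event.robot && event.robot.name) {
    reasons.push('robot=' + event.robot.name);
  }
  let verdict = 'allow';
  if (reputation.status === 'bad') {
    verdict = SENSITIVE_PATHS.includes(event.path) ? 'alert' : 'review';
  }
  return { verdict, reasons };
}

// Count 'alert' verdicts per client address, e.g. to feed a blocklist review.
function alertsByAddress(events) {
  const counts = new Map();
  for (const e of events) {
    if (triage(e).verdict !== 'alert') continue;
    counts.set(e.client_ip, (counts.get(e.client_ip) || 0) + 1);
  }
  return counts;
}

// Constructed sample: record 1 mirrors the augmented request shown above,
// records 2 and 3 are made up (documentation address ranges).
const SAMPLE = [
  { client_ip: '107.171.227.185', method: 'POST', path: '/wp-login.php', status_code: 200,
    identity: { type: 'robot' },
    reputation: { status: 'bad', threats: ['brute_force_login'] },
    robot: { name: 'Mars' } },
  { client_ip: '192.0.2.10', method: 'GET', path: '/', status_code: 200,
    identity: { type: 'robot' }, reputation: { status: 'bad', threats: [] } },
  { client_ip: '198.51.100.7', method: 'POST', path: '/wp-login.php', status_code: 200 },
];

console.log(SAMPLE.map((e) => [e.client_ip, triage(e).verdict]));
```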