tmf/logfilter

a cli app for filtering web server access logs

dev-master 2015-03-23 23:13 UTC

This package is not auto-updated.

Last update: 2024-05-11 15:51:13 UTC


README

Logfilter is a PHP CLI application that consumes log entries from a web server's access log. Each log entry is processed in a filter chain implemented with the Symfony EventDispatcher component, to which you can add your own filters through a container service definition (config.yml). Log entries can be passed along the filter chain or withheld. Each filter (an EventListener) can also influence the propagation of the log entries or dispatch new events (like banning a host).

Usage

  1. Configure the filter chain with config.yml: declare your EventListeners as services and order them with the priority parameter in the tag (listeners with a higher priority run first).

     ```yaml
     tmf.logfilter.endpoint:
         class: Tmf\LogFilter\Filter\EndPointFilter
         arguments:
             endpoints:
                 - "\/endpoint"
         tags:
             - { priority: 10, name: kernel.event_listener, event: logfilter.process, method: onProcess }

     tmf.logfilter.requestabuse:
         class: Tmf\LogFilter\Filter\RequestAbuseFilter
         arguments:
             window: 5
             maxHits: 3
             # quoted so the service reference is valid YAML
             eventDispatcher: "@event_dispatcher"
         tags:
             - { priority: 9, name: kernel.event_listener, event: logfilter.process, method: onProcess }
             - { name: kernel.event_listener, event: logfilter.report, method: onReport }
             - { name: kernel.event_listener, event: logfilter.ban_host, method: onBanHost }

     tmf.logfilter.getparameter:
         class: Tmf\LogFilter\Filter\GetParameterCounter
         arguments:
             getParameter: "param"
         tags:
             - { priority: 8, name: kernel.event_listener, event: logfilter.process, method: onProcess }
             - { name: kernel.event_listener, event: logfilter.report, method: onReport }
             - { name: kernel.event_listener, event: logfilter.ban_host, method: onBanHost }
     ```

  2. Run the logfilter with

    ./bin/logfilter -c config.yml access.log

Extend

You can tie in your own filters (like a UserAgent filter or a datacenter IP-block filter). EventListeners receive a LogEntriesEvent whenever a 'logfilter.process' or 'logfilter.ban_host' event is dispatched. A LogEntriesEvent can carry one or multiple LogEntry objects (multiple when log entries are withheld).
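A User-Agent filter of the kind suggested above, as an added example that is not code from tmf/logfilter. It shows a higher-priority listener withholding an entry and stopping propagation, so a lower-priority listener never sees it. `LogEntry`, `LogEntriesEvent` and `process()` are simplified stand-ins with assumed names and fields (the package's real classes and the Symfony dispatcher are not used), and the code needs PHP 8.

```php
<?php
// Added illustration with stand-in classes; these are NOT tmf/logfilter's own classes.
final class LogEntry {  // stand-in for one parsed access-log line (fields assumed)
    public function __construct(public string $host, public string $userAgent) {}
}

final class LogEntriesEvent {  // stand-in for the event handed along the chain
    private bool $stopped = false;
    public function __construct(public array $entries) {}
    public function stopPropagation(): void { $this->stopped = true; }
    public function isPropagationStopped(): bool { return $this->stopped; }
}

final class UserAgentFilter {  // hypothetical filter: withholds denied User-Agents
    public array $withheld = [];
    public function __construct(private string $pattern) {}
    public function onProcess(LogEntriesEvent $event): void {
        foreach ($event->entries as $i => $entry) {
            if (preg_match($this->pattern, $entry->userAgent) === 1) {
                $this->withheld[] = $entry->host;
                unset($event->entries[$i]);
            }
        }
        if ($event->entries === []) {
            $event->stopPropagation();  // nothing left for later filters
        }
    }
}

// Minimal chain runner: as with the priority tag, the higher number runs first.
function process(array $listeners, LogEntriesEvent $event): void {
    krsort($listeners);  // array keys are the priorities
    foreach ($listeners as $listener) {
        if ($event->isPropagationStopped()) { break; }
        $listener($event);
    }
}

// Constructed sample entries (documentation addresses, not real traffic).
$filter = new UserAgentFilter('/curl|python-requests/i');
$passed = [];
$collect = function (LogEntriesEvent $e) use (&$passed) {
    foreach ($e->entries as $entry) { $passed[] = $entry->host; }
};
$chain = [5 => $collect, 10 => [$filter, 'onProcess']];
process($chain, new LogEntriesEvent([new LogEntry('192.0.2.10', 'curl/7.88.1')]));
process($chain, new LogEntriesEvent([new LogEntry('192.0.2.20', 'Mozilla/5.0')]));
echo 'withheld: ', implode(',', $filter->withheld), ' passed: ', implode(',', $passed), PHP_EOL;
```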

Todo

  • use console output for reports
  • cleanup