Hi guys
We are looking for a way to detect suspicious activity on high-traffic
websites. Parsing log files is not good option here, our current nginx
config generates around 90G of logs for around 412K http requests each
days.
We are looking to use nginx to detect suspicious activity and generate
precise log when it happens for post-processing.
Some tools we are looking for would be something like
-
Detect IPs which accessed /uri1/ X times without accessing other URI
in a period of time Y. -
Detect IPs that are indexing our site by accessing sequential uris
like /uri123, /uri124, /uri125, …
We are using load balancing services (haproxy), we enabled realip module
in nginx, we need something that can work with it.
If you have any pointers / ideas / module names that could help us,
please let me know.
Have a good day
Max