Forum Discussion
MR_RJ
Dec 01, 2011Cirrus
Hi again Aaron,
when HTTP_REQUEST {
if { [HTTP::request_num] > 1 } {
log local0. "SourceIP [IP::remote_addr] - SYSTEMNAME_Threads_high [HTTP::request_num]"
}
}
Gave me:
Dec 1 12:19:48 local/tmm info tmm[5376]: Rule SYSTEMNAME_TestEnv_Threads_High_Log : SourceIP 127.40.160.226 - SYSTEMNAME_Threads_high 2
Dec 1 12:19:50 local/tmm info tmm[5376]: Rule SYSTEMNAME_TestEnv_Threads_High_Log : SourceIP 127.40.160.226 - SYSTEMNAME_Threads_high 3
So I guess that part works well!
Would be nice to get it in it's own file or as I hoped for, a dynamically built list with sourceIPs and how many times the comparing number of threads has been crossed.
Must be possible somehow =)
//Robert