-
-
Notifications
You must be signed in to change notification settings - Fork 385
Domino
Jeff Johnson edited this page Sep 15, 2020
·
4 revisions
Domino is a web server provided by IBM.
Example log file paths are:
C:/Domino-LOG/**/*.log
C:/Program Files/IBM/Domino/data/IBM_TECHNICAL_SUPPORT/**/*.log
Example failed login regex:
^((?<date>.*?(?:AM|PM))\s*(?:SMTP\sServer:\sAuthentication\sfailed\sfor\suser\s(?<username>[^;]+?)\s*;.*?(?<ipaddress>\d{1.3}\.\d{1.3}\. \d{1,3}\.\d{1,3})$)|(TLS\/SSL\s+connection\s*(?<ipaddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})[(]\d+[)]\s*[-][>]\s*\d{1,3}\.\d{1,3}\. \d{1,3}\.\d{1,3}[(]\d+[)]\s*failed\swith.*$)|(SMTP\sServer\s*[[][^\]]*[\]]\sConnection\sfrom\s[[](?<ipaddress>\d{1,3}\.\d{1,3}\. \d{1,3}\.\d{1,3})[\]]\srejected\sfor\spolicy\sreasons.*?$))|((?<ipaddress>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?HTTP\/1\.1["]\s401.*$))
You have to configure the Domino server to write the Domlog ( what the weblog is HTTP / HTTPS ) also in a text file and name the location. The other logfile is the so-called console log of Domino and this is written by default in the IBM Tech directory. Also you can / must configure Domino to select what is logged in the console to fit the regex.
IPBan (c) 2012-Present Digital Ruby, LLC - https://ipban.com