Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
To continue sharing your ideas and feedback, please visit features.plesk.com
And of yourse you may ask. That's the meaning of a Forum. I have 2 main ideas here. First of all you're right I would like to see if a (new) rule is being hit and the second is to probably analyse attack-patterns.
That thought also crossed my mind. You mean detecting stuff like port probing? Because in case of various types of DoS relying on heavy traffic having tons of log records to write may be quite harmful.
There are certainly options that would let you limit the rate of logging in a LOG rule. For example in ASL we have blacklist rulesets with LOG rules at the bottom that fire at 10 in 1 minute, and a limit burst of 2. A limit for a TOR blacklist looks like this:
-A ASL-TOR-DROP-LOG -m limit --limit 10/minute --limit-burst 2 -j LOG --log-level info --log-prefix "ASL_TOR_BLOCK " --log-tcp-sequence --log-tcp-options --log-ip-options
This way you will log the event with its own syslog prefix, and limit the total number of log messages to no more than 2 events in 1 minute.