Issue: Script was returning error if Apache logs not found, blocking HTTP
attack monitoring and cluttering the threat feed display.
Before:
No Apache logs found → ERROR message in threat feed → return 1 (failure)
Result: Confusing error, but other monitoring (SYN, SSH, email) continues
After:
No Apache logs found → Log warning to debug.log → return 0 (success)
Result: Clean threat feed, other monitoring continues unaffected
Impact:
- SYN flood detection continues (not dependent on Apache logs)
- SSH brute force detection continues
- Email attack detection continues
- Firewall block detection continues
- Only HTTP attack monitoring (from Apache logs) is skipped
This allows the script to work on servers without Apache or with
non-standard log locations, while still providing comprehensive
network-level threat detection.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
cschantz
f7ac93a626