
Decoder and Rules for apache-2.4 error logs #330

Merged
merged 1 commit into from
Oct 1, 2014

Conversation

bchavet
Contributor

@bchavet bchavet commented Sep 30, 2014

Apache-2.4 has a different error log format than previous versions. This pull request adds the ability to analyze the new log format, while maintaining the ability to continue to analyze error logs from older versions of apache.

@jrossi
Member

jrossi commented Sep 30, 2014

Do you have examples for the rules themselves? We like to include them so we can test them with our rule testing system. https://github.com/ossec/ossec-hids/tree/master/contrib/ossec-testing/tests

It is not the best but works some and helps to make sure we don't make regressions in our rules.

@bchavet
Contributor Author

bchavet commented Oct 1, 2014

I don't have examples for 30304, 30307, or 30317, but the log entries below should trigger each of the other rules. I pulled the error codes directly from the apache-2.4 source code.

30301:

[Wed Oct 01 03:52:11.000095 2014] [proxy:warn] [pid 18663] [client 98.139.134.98:46558] AH01136: Unescaped URL path matched ProxyPass; ignoring unsafe nocanon

30302:

[Mon Sep 08 14:10:42.032107 2014] [core:error] [pid 31386] AH00046: child process 2006 still did not exit, sending a SIGKILL

30303:

[Wed Sep 24 11:10:36.505350 2014] [mpm_prefork:notice] [pid 3922] AH00169: caught SIGTERM, shutting down

30305:

[Thu Sep 04 02:22:05.214944 2014] [authz_core:error] [pid 27220] [client 115.239.212.71:22191] AH01630: client denied by server configuration: proxy:http://localhost/server-status

30306:

[Sat Sep 06 06:09:08.255020 2014] [autoindex:error] [pid 32214] [client 89.99.111.124:38805] AH01276: Cannot serve directory /var/www/www.example.com/docroot/sites/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive

30308:

[Fri Sep 26 08:14:44.904058 2014] [auth_basic:error] [pid 303] [client 219.105.115.195:45957] AH01617: user user123: authentication failure for "/": Password Mismatch

30309:

[Thu Sep 11 15:48:27.345309 2014] [auth_basic:error] [pid 11953] [client 184.173.183.172:48400] AH01618: user  not found: /robots.txt
[Wed Sep 24 09:44:19.275682 2014] [auth_basic:error] [pid 2673] [client 194.9.242.240:50053] AH01618: user 106005623 not found: /

30310: (multiple instances of 30309)

30312:

[Thu Aug 07 11:55:05.701255 2014] [:error] [pid 17482] [client 80.6.56.54:57681] PHP Warning:  require_once(/var/www/example.com/web/../app/bootstrap.php.cache): failed to open stream: No such file or directory in /var/www/example.com/web/app.php on line 6

30315:

[Thu Aug 28 00:57:46.128474 2014] [core:error] [pid 20466] [client 89.248.160.214:58106] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1

30316: (multiple instances of 30315)
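The samples above pair each Apache 2.4 error_log line with the rule id it should trigger, including two frequency rules (30310 and 30316) that fire on repeated hits of 30309 and 30315. The following is an added example, not code from this pull request or from OSSEC: a small Python decoder for the 2.4 error_log layout (`[timestamp] [module:level] [pid N] [client IP:PORT] message`) plus a hypothetical rule table that reproduces the mapping quoted in the thread. The predicates in `SINGLE_RULES`, the per-client counting in `Correlator`, and its `threshold` are assumptions for illustration; the real OSSEC rules are not shown on this page.

```python
import re
from collections import defaultdict

# Apache 2.4 error_log layout; the [client ...] field is optional and the
# module name may be empty (e.g. "[:error]" for PHP warnings).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] "
    r"\[(?P<module>[^:\]]*):(?P<level>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)\]"
    r"(?: \[client (?P<client>[^\]]+)\])? "
    r"(?P<msg>.*)$"
)
# Apache's own message codes ("AH01618: ...") prefix most core/module messages.
AH_RE = re.compile(r"^(?P<code>AH\d{5}): (?P<text>.*)$")


def parse_line(line):
    """Decode one error_log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the ephemeral source port so frequency rules can key on the IP.
    rec["client_ip"] = rec["client"].rsplit(":", 1)[0] if rec["client"] else None
    rec["ah"] = None
    ah = AH_RE.match(rec["msg"])
    if ah:
        rec["ah"] = ah.group("code")
        rec["msg"] = ah.group("text")
    return rec


# Sample lines quoted in the thread, keyed by the rule id they should trigger.
SAMPLES = {
    30301: "[Wed Oct 01 03:52:11.000095 2014] [proxy:warn] [pid 18663] [client 98.139.134.98:46558] AH01136: Unescaped URL path matched ProxyPass; ignoring unsafe nocanon",
    30302: "[Mon Sep 08 14:10:42.032107 2014] [core:error] [pid 31386] AH00046: child process 2006 still did not exit, sending a SIGKILL",
    30303: "[Wed Sep 24 11:10:36.505350 2014] [mpm_prefork:notice] [pid 3922] AH00169: caught SIGTERM, shutting down",
    30305: "[Thu Sep 04 02:22:05.214944 2014] [authz_core:error] [pid 27220] [client 115.239.212.71:22191] AH01630: client denied by server configuration: proxy:http://localhost/server-status",
    30306: "[Sat Sep 06 06:09:08.255020 2014] [autoindex:error] [pid 32214] [client 89.99.111.124:38805] AH01276: Cannot serve directory /var/www/www.example.com/docroot/sites/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive",
    30308: '[Fri Sep 26 08:14:44.904058 2014] [auth_basic:error] [pid 303] [client 219.105.115.195:45957] AH01617: user user123: authentication failure for "/": Password Mismatch',
    30309: "[Wed Sep 24 09:44:19.275682 2014] [auth_basic:error] [pid 2673] [client 194.9.242.240:50053] AH01618: user 106005623 not found: /",
    30312: "[Thu Aug 07 11:55:05.701255 2014] [:error] [pid 17482] [client 80.6.56.54:57681] PHP Warning:  require_once(/var/www/example.com/web/../app/bootstrap.php.cache): failed to open stream: No such file or directory in /var/www/example.com/web/app.php on line 6",
    30315: "[Thu Aug 28 00:57:46.128474 2014] [core:error] [pid 20466] [client 89.248.160.214:58106] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1",
}

# Hypothetical single-event rules (assumption: keyed on the AH code, or on the
# empty module plus "PHP " prefix for 30312). Not the OSSEC rule definitions.
SINGLE_RULES = [
    (30301, lambda r: r["ah"] == "AH01136"),
    (30302, lambda r: r["ah"] == "AH00046"),
    (30303, lambda r: r["ah"] == "AH00169"),
    (30305, lambda r: r["ah"] == "AH01630"),
    (30306, lambda r: r["ah"] == "AH01276"),
    (30308, lambda r: r["ah"] == "AH01617"),
    (30309, lambda r: r["ah"] == "AH01618"),
    (30312, lambda r: r["module"] == "" and r["msg"].startswith("PHP ")),
    (30315, lambda r: r["ah"] == "AH00126"),
]
# Frequency rules: child id -> parent id whose repeats it counts.
FREQ_RULES = {30310: 30309, 30316: 30315}


def classify(rec):
    """Return the first matching single-event rule id, or None."""
    for rule_id, pred in SINGLE_RULES:
        if pred(rec):
            return rule_id
    return None


class Correlator:
    """Feeds lines one at a time; escalates to a frequency rule after `threshold`
    hits of its parent rule from the same client IP (assumption for this example)."""

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.counts = defaultdict(int)

    def feed(self, line):
        rec = parse_line(line)
        if rec is None:
            return None
        rule = classify(rec)
        for child, parent in FREQ_RULES.items():
            if rule == parent:
                key = (parent, rec["client_ip"])
                self.counts[key] += 1
                if self.counts[key] >= self.threshold:
                    self.counts[key] = 0  # reset after escalating
                    return child
        return rule


if __name__ == "__main__":
    for expected, line in SAMPLES.items():
        print(expected, classify(parse_line(line)))
    c = Correlator(threshold=3)
    print([c.feed(SAMPLES[30309]) for _ in range(3)])  # third hit escalates to 30310
```

Running the block prints each expected rule id beside the id the toy table assigns, and then the escalation sequence for three repeated AH01618 lines from one client. The real OSSEC decoder does the equivalent of `parse_line` in XML (`prematch`/`regex`/`order`), and its frequency rules carry their own threshold and timeframe, neither of which is quoted here.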

@bchavet
Contributor Author

bchavet commented Oct 1, 2014

Let me know if you need anything else

jrossi added a commit that referenced this pull request Oct 1, 2014
Decoder and Rules for apache-2.4 error logs
@jrossi jrossi merged commit 9809c67 into ossec:master Oct 1, 2014
@jrossi jrossi added this to the ossec-hids-2.9 milestone Oct 1, 2014