|
9
|
1 threshold 550;
|
|
3
|
2
|
|
|
3 ignore {
|
|
|
4 127.0.0.0/8; // localhost
|
|
1
|
5 };
|
|
|
6
|
|
20
|
7 // file "/var/log/cisco.log" {
|
|
|
8 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
|
|
|
9 // index 2; // zero based
|
|
|
10 // bucket 200;
|
|
|
11 // };
|
|
|
12 // };
|
|
3
|
13
|
|
5
|
14 file "/var/log/secure" {
|
|
|
15 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
|
|
|
16 index 1; // zero based
|
|
9
|
17 bucket 400;
|
|
5
|
18 };
|
|
|
19 pattern "sshd.*Failed password .* from (.*) port" {
|
|
|
20 index 1; // zero based
|
|
9
|
21 bucket 400;
|
|
5
|
22 };
|
|
|
23 };
|
|
|
24
|
|
20
|
25 file "/var/log/httpd/access_log" {
|
|
|
26 pattern "(.*) - - .* /cgi-bin" {
|
|
|
27 index 1; // zero based
|
|
|
28 bucket 400;
|
|
|
29 };
|
|
|
30 pattern "(.*) - - .*/index2.php" {
|
|
|
31 index 1; // zero based
|
|
|
32 bucket 400;
|
|
|
33 };
|
|
|
34 pattern "(.*) - - .*/main.php" {
|
|
|
35 index 1; // zero based
|
|
|
36 bucket 400;
|
|
|
37 };
|
|
|
38 };
|
|
|
39
|
|
9
|
40 // file "/var/log/messages" {
|
|
|
41 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
|
|
|
42 // index 1; // zero based
|
|
|
43 // bucket 300;
|
|
|
44 // };
|
|
|
45 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
|
|
|
46 // index 1; // zero based
|
|
|
47 // bucket 300;
|
|
|
48 // };
|
|
|
49 // };
|
