annotate syslog2iptables.conf @ 23:048cd6e642bc stable-1-1

add better logging
author carl
date Sun, 08 Jan 2006 13:05:22 -0800
parents 2342081106d9
children 28fec0c67646
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
1 threshold 550;
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
2
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
3 ignore {
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
4 127.0.0.0/8; // localhost
1
551433a01cab initial coding
carl
parents:
diff changeset
5 };
551433a01cab initial coding
carl
parents:
diff changeset
6
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
7 // file "/var/log/cisco.log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
8 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
9 // index 2; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
10 // bucket 200;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
11 // };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
12 // };
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
13
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
14 file "/var/log/secure" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
15 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
16 index 1; // zero based
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
17 bucket 400;
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
18 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
19 pattern "sshd.*Failed password .* from (.*) port" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
20 index 1; // zero based
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
21 bucket 400;
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
22 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
23 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
24
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
25 file "/var/log/httpd/access_log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
26 pattern "(.*) - - .* /cgi-bin" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
27 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
28 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
29 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
30 pattern "(.*) - - .*/index2.php" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
31 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
32 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
33 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
34 pattern "(.*) - - .*/main.php" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
35 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
36 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
37 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
38 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
39
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
40 // file "/var/log/messages" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
41 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
42 // index 1; // zero based
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
43 // bucket 300;
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
44 // };
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
45 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
46 // index 1; // zero based
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
47 // bucket 300;
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
48 // };
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
49 // };