annotate remote.mbmg @ 20:0d65c3de34fd

add better logging
author carl
date Sun, 08 Jan 2006 12:36:57 -0800
parents 5dfe0138b4f9
children
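// Listing restored from the annotate view: per-line changeset tooltips and
// gutter numbers dropped, indentation re-applied.
//
// Limit that per-address scores are compared against.
// NOTE(review): presumably each matching log line adds its pattern's
// "bucket" to the address's score and the address is acted on once the score
// passes this value; the action itself is not visible in this file. Confirm
// against the tool's documentation.
threshold 550;

// Source networks that are exempt.
// NOTE(review): presumably addresses inside these ranges are never counted,
// which is what keeps trusted networks from being locked out by their own
// failed logins or denied packets. Confirm.
ignore {
    127.0.0.0/8;        // localhost
    205.147.40.32/26;   // 510sg
    // NOTE(review): host bits are set for a /24 here (.100), while every other
    // entry is written as a network address. Confirm whether 205.147.0.0/24
    // or a single host (/32) is intended, and how the parser treats this form;
    // an exemption that is wider or narrower than intended is easy to miss.
    205.147.0.100/24;   // digilink
    205.147.39.128/25;  // ams
    205.147.48.64/26;   // mbmg
};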
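// Cisco firewall log: lines recording packets denied by the
// "Inbound_Firewall" list. (Annotate tooltips and gutter numbers dropped.)
file "/var/log/cisco-firewall" {
    // Group 1 is the protocol; group 2 is everything up to the first "(".
    // NOTE(review): presumably "index" selects the capture group, with 0
    // being the whole match, so index 2 picks the second group. Confirm.
    // NOTE(review): the source address of a denied packet is whatever the
    // sender wrote into it (for UDP there is no handshake to confirm it), so
    // an address outside the ignore list can accumulate score from traffic it
    // never sent. With bucket 200 against threshold 550, three such lines
    // would pass the limit if scores are additive. Consider counting tcp
    // only, or a smaller bucket, and keep the ignore list current.
    pattern "Inbound_Firewall denied (tcp|udp) ([^(]*)" {
        index 2;    // zero based
        bucket 200;
    };
};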
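// sshd authentication log: failed password attempts, keyed by client address.
// (Annotate tooltips and gutter numbers dropped.)
//
// Change from the original: both captures were "(.*)". The user name that
// sshd prints in a "Failed password" line is supplied by the client, so a
// free-form capture lets non-address text from the line be taken as the
// address. The captures below accept address characters only.
// NOTE(review): assumes the pattern engine accepts bracket expressions and
// "+"; the cisco-firewall pattern already relies on "[^(]*" and alternation.
// Confirm before deploying.
// NOTE(review): with bucket 400 against threshold 550, two failed passwords
// from one address would pass the limit if scores are additive. Confirm that
// is the intended sensitivity.
file "/var/log/secure" {
    // IPv4-mapped form: the "::ffff:" prefix stays outside the capture, so
    // only the dotted quad is captured.
    pattern "sshd.*Failed password .* from ::ffff:([0-9.]+) port" {
        index 1;    // zero based
        bucket 400;
    };
    // Plain form. The character class still admits IPv6 text, as the original
    // "(.*)" did.
    // NOTE(review): this pattern also matches the "::ffff:" lines handled
    // above, capturing the prefix as well. Confirm that the tool stops at the
    // first matching pattern, otherwise one line is counted under two keys.
    pattern "sshd.*Failed password .* from ([0-9a-fA-F:.]+) port" {
        index 1;    // zero based
        bucket 400;
    };
};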
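// Disabled: pam_unix authentication failures from /var/log/messages.
// (Annotate tooltips and gutter numbers dropped; the block stays commented
// out exactly as in the source.)
// NOTE(review): before re-enabling, check what "rhost=" holds on this system.
// It may be a resolved host name rather than an address, and the "(.*)"
// captures below would accept any text in that position. Restrict the capture
// to address characters if this block is brought back.
// file "/var/log/messages" {
//     pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
//         index 1;    // zero based
//         bucket 300;
//     };
//     pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
//         index 1;    // zero based
//         bucket 300;
//     };
// };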