annotate syslog2iptables.conf @ 20:0d65c3de34fd

add better logging
author carl
date Sun, 08 Jan 2006 12:36:57 -0800
parents d76f9ff42487
children 2342081106d9
rev   line source
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
1 threshold 550;
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
2
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
3 ignore {
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
4 127.0.0.0/8; // localhost
1
551433a01cab initial coding
carl
parents:
diff changeset
5 };
551433a01cab initial coding
carl
parents:
diff changeset
6
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
7 // file "/var/log/cisco.log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
8 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
9 // index 2; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
10 // bucket 200;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
11 // };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
12 // };
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
13
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
14 file "/var/log/secure" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
15 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
16 index 1; // zero based
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
17 bucket 400;
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
18 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
19 pattern "sshd.*Failed password .* from (.*) port" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
20 index 1; // zero based
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
21 bucket 400;
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
22 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
23 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
24
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
25 file "/var/log/httpd/access_log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
26 pattern "(.*) - - .* /cgi-bin" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
27 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
28 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
29 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
30 pattern "(.*) - - .*/index2.php" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
31 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
32 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
33 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
34 pattern "(.*) - - .*/main.php" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
35 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
36 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
37 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
38 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
39
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
40 file "/var/log/httpd/access_acia_log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
41 pattern "(.*) - - .* /cgi-bin" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
42 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
43 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
44 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
45 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
46
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
47 file "/var/log/httpd/access_510sg_log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
48 pattern "(.*) - - .* /cgi-bin" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
49 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
50 bucket 400;
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
51 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
52 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
53
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
54 // file "/var/log/messages" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
55 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
56 // index 1; // zero based
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
57 // bucket 300;
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
58 // };
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
59 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
60 // index 1; // zero based
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
61 // bucket 300;
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
62 // };
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
63 // };
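Review bot: The access-log patterns added in this changeset (source lines 25–52) open with an unanchored `(.*)` and look for their marker anywhere on the line, so both the value captured at index 1 and whether a line counts as a hit depend on client-controlled fields (request line, Referer, User-Agent), not only on the logged client address. `(.*) - - .*/index2.php` and `(.*) - - .*/main.php` also have no space before the slash and an unescaped `.`, so a Referer or query string that merely contains those names would match. Assuming the matcher takes extended regular expressions (the commented Cisco pattern's `(tcp|udp)` and `[^(]*` suggest so) and the logs are in common log format, I would anchor and constrain the capture and pin the marker to the request path, e.g. `pattern "^([0-9.]+) - - [^ ]+ [^ ]+ [^ ]+ /cgi-bin" {` and `pattern "^([0-9.]+) - - [^ ]+ [^ ]+ [^ ]+ [^ ?]*/index2[.]php" {`. If `bucket 400` is the per-match weight against `threshold 550` (the page does not say), two matching lines are enough to act on an address, so it is worth adding the site's own monitoring and admin ranges to `ignore` next to `127.0.0.0/8`.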