|
3
|
1 threshold 600;
|
|
|
2
|
|
|
3 ignore {
|
|
|
4 127.0.0.0/8; // localhost
|
|
|
5 205.147.40.32/26; // 510sg
|
|
|
6 205.147.0.100/24; // digilink
|
|
|
7 205.147.39.128/25; // ams
|
|
1
|
8 };
|
|
|
9
|
|
5
|
10 file "/var/log/cisco.log" {
|
|
3
|
11 pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
|
|
|
12 index 2; // zero based
|
|
|
13 bucket 200;
|
|
|
14 };
|
|
1
|
15 };
|
|
3
|
16
|
|
5
|
17 file "/var/log/secure" {
|
|
|
18 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
|
|
|
19 index 1; // zero based
|
|
|
20 bucket 300;
|
|
|
21 };
|
|
|
22 pattern "sshd.*Failed password .* from (.*) port" {
|
|
|
23 index 1; // zero based
|
|
|
24 bucket 300;
|
|
|
25 };
|
|
|
26 };
|
|
|
27
|
|
|
28 file "/var/log/messages" {
|
|
3
|
29 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
|
|
|
30 index 1; // zero based
|
|
|
31 bucket 300;
|
|
|
32 };
|
|
|
33 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
|
|
|
34 index 1; // zero based
|
|
|
35 bucket 300;
|
|
|
36 };
|
|
|
37 };
|
