|
10
|
1 threshold 550;
|
|
|
2
|
|
|
3 ignore {
|
|
|
4 127.0.0.0/8; // localhost
|
|
|
5 205.147.40.32/26; // 510sg
|
|
|
6 205.147.0.100/24; // digilink
|
|
|
7 205.147.39.128/25; // ams
|
|
|
8 205.147.48.64/26; // mbmg
|
|
|
9 };
|
|
|
10
|
|
|
11 file "/var/log/cisco-firewall" {
|
|
|
12 pattern "Inbound_Firewall denied (tcp|udp) ([^(]*)" {
|
|
|
13 index 2; // zero based
|
|
|
14 bucket 200;
|
|
|
15 };
|
|
|
16 };
|
|
|
17
|
|
|
18 file "/var/log/secure" {
|
|
|
19 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
|
|
|
20 index 1; // zero based
|
|
|
21 bucket 400;
|
|
|
22 };
|
|
|
23 pattern "sshd.*Failed password .* from (.*) port" {
|
|
|
24 index 1; // zero based
|
|
|
25 bucket 400;
|
|
|
26 };
|
|
|
27 };
|
|
|
28
|
|
|
29 // file "/var/log/messages" {
|
|
|
30 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
|
|
|
31 // index 1; // zero based
|
|
|
32 // bucket 300;
|
|
|
33 // };
|
|
|
34 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
|
|
|
35 // index 1; // zero based
|
|
|
36 // bucket 300;
|
|
|
37 // };
|
|
|
38 // };
|
