// Log-watching rules as visible in this listing: one global `threshold`, an
// `ignore` list of CIDR ranges, and per-log-file `pattern` blocks that each
// name a capture-group `index` and a `bucket` value.
// NOTE(review): the units and exact meaning of `threshold` and `bucket` are
// not shown here; confirm them against the tool's documentation.
threshold 600;

// Ranges listed under `ignore`; presumably addresses in these ranges are
// exempt from counting. Keep this list as narrow as possible, since every
// address covered here is never acted on.
ignore {
    127.0.0.0/8; // localhost
    // NOTE(review): .32 is not on a /26 boundary (/26 blocks start at .0, .64,
    // .128, .192). If the parser masks host bits this becomes 205.147.40.0/26
    // (.0-.63); if .32-.63 was meant, that is a /27. Confirm the intended range.
    205.147.40.32/26; // 510sg
    // NOTE(review): host bits are set (.100 in a /24). If masked this is
    // 205.147.0.0/24; if only one host was meant, that is a /32. Confirm how
    // the parser treats it and what was intended.
    205.147.0.100/24; // digilink
    205.147.39.128/25; // ams
};

file "/var/log/cisco.log" {
    // Matches "Internet_Firewall denied" lines for tcp or udp. Group 1 is the
    // protocol; group 2 is the text up to the first "(".
    // NOTE(review): group 2 is presumably the packet's source address. Source
    // addresses of denied packets are unauthenticated (UDP especially), so an
    // address counted here may be spoofed; make sure ranges that must never be
    // acted on are covered by `ignore`.
    pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
        index 2; // zero based (0 appears to be the whole match, so 2 = second group)
        bucket 200;
    };
};

// NOTE(review): unlike the entry above, this path is relative, so which file is
// read presumably depends on the process's working directory. Confirm, and
// prefer an absolute path so the rule cannot silently watch the wrong file.
file "messages.log" {
    // sshd/pam_unix authentication failures where a " user=" field follows rhost.
    // The "." in "sshd.pam_unix" is unescaped and matches any character.
    // NOTE(review): the capture is an unconstrained greedy `(.*)`, so group 1 is
    // whatever text lies between "rhost=" and the last " user=" on the line, not
    // necessarily a bare address. A bounded class (as the cisco pattern does
    // with `[^(]*`) would keep extra log text out of the captured value.
    pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
        index 1; // zero based
        bucket 300;
    };
    // Same failure line when nothing matching " user=" follows; group 1 runs
    // from "rhost=" to end of line.
    // NOTE(review): this pattern also matches every line the previous one
    // matches. Whether a line is then counted once or twice depends on how the
    // tool evaluates multiple patterns, which is not shown here; confirm. The
    // capture may also include trailing whitespace or other fields.
    pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
        index 1; // zero based
        bucket 300;
    };
};