comparison syslog2iptables.conf @ 20:0d65c3de34fd

add better logging
author carl
date Sun, 08 Jan 2006 12:36:57 -0800
parents d76f9ff42487
children 2342081106d9
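--- a/syslog2iptables.conf
+++ b/syslog2iptables.conf
@@ -1,27 +1,53 @@
 threshold 550;
 
 ignore {
 127.0.0.0/8; // localhost
-205.147.40.32/26; // 510sg
-205.147.0.100/24; // digilink
-205.147.39.128/25; // ams
 };
 
-file "/var/log/cisco.log" {
-pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
-index 2; // zero based
-bucket 200;
-};
-};
+// file "/var/log/cisco.log" {
+// pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
+// index 2; // zero based
+// bucket 200;
+// };
+// };
 
 file "/var/log/secure" {
 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
 index 1; // zero based
 bucket 400;
 };
 pattern "sshd.*Failed password .* from (.*) port" {
+index 1; // zero based
+bucket 400;
+};
+};
+
+file "/var/log/httpd/access_log" {
+pattern "(.*) - - .* /cgi-bin" {
+index 1; // zero based
+bucket 400;
+};
+pattern "(.*) - - .*/index2.php" {
+index 1; // zero based
+bucket 400;
+};
+pattern "(.*) - - .*/main.php" {
+index 1; // zero based
+bucket 400;
+};
+};
+
+file "/var/log/httpd/access_acia_log" {
+pattern "(.*) - - .* /cgi-bin" {
+index 1; // zero based
+bucket 400;
+};
+};
+
+file "/var/log/httpd/access_510sg_log" {
+pattern "(.*) - - .* /cgi-bin" {
 index 1; // zero based
 bucket 400;
 };
 };
 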
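Review bot: The new `/var/log/httpd/*` patterns take the address from an unanchored `(.*)` and match `/cgi-bin`, `/index2.php` and `/main.php` anywhere in the line, so client-supplied text (a query string, or Referer/User-Agent if the combined log format is in use) can trigger a hit and can end up inside the captured field. Anchoring the capture to the start of the line and to an address shape would be safer, e.g. `pattern "^([0-9.]+) - - .* /cgi-bin" {`, assuming the matcher accepts `^` and bracket expressions as the existing `[^(]*` suggests. The same commit also drops `205.147.40.32/26`, `205.147.0.100/24` and `205.147.39.128/25` from `ignore`, which the description "add better logging" does not mention. If those are local ranges, their hosts can now be counted and blocked by the new web patterns, so either keep the entries or add a comment stating that the removal is deliberate.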