Mercurial > syslog2iptables
comparison syslog2iptables.conf @ 5:276c4edc8521
initial coding
| author | carl |
|---|---|
| date | Fri, 02 Dec 2005 17:52:44 -0800 |
| parents | 2737ab01659a |
| children | d76f9ff42487 |
comparison
equal
deleted
inserted
replaced
| 4:2737ab01659a | 5:276c4edc8521 |
|---|---|
| 5 205.147.40.32/26; // 510sg | 5 205.147.40.32/26; // 510sg |
| 6 205.147.0.100/24; // digilink | 6 205.147.0.100/24; // digilink |
| 7 205.147.39.128/25; // ams | 7 205.147.39.128/25; // ams |
| 8 }; | 8 }; |
| 9 | 9 |
| 10 file "mycisco.log" { | 10 file "/var/log/cisco.log" { |
| 11 pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" { | 11 pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" { |
| 12 index 2; // zero based | 12 index 2; // zero based |
| 13 bucket 200; | 13 bucket 200; |
| 14 }; | 14 }; |
| 15 }; | 15 }; |
| 16 | 16 |
| 17 file "mymessages.log" { | 17 file "/var/log/secure" { |
| 18 pattern "sshd.*Failed password .* from ::ffff:(.*) port" { | |
| 19 index 1; // zero based | |
| 20 bucket 300; | |
| 21 }; | |
| 22 pattern "sshd.*Failed password .* from (.*) port" { | |
| 23 index 1; // zero based | |
| 24 bucket 300; | |
| 25 }; | |
| 26 }; | |
| 27 | |
| 28 file "/var/log/messages" { | |
| 18 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { | 29 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { |
| 19 index 1; // zero based | 30 index 1; // zero based |
| 20 bucket 300; | 31 bucket 300; |
| 21 }; | 32 }; |
| 22 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { | 33 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { |