Mercurial > syslog2iptables
comparison remote.mbmg @ 10:5dfe0138b4f9
initial coding
| author | carl |
|---|---|
| date | Thu, 08 Dec 2005 13:58:08 -0800 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 9:d76f9ff42487 | 10:5dfe0138b4f9 |
|---|---|
| 1 threshold 550; | |
| 2 | |
| 3 ignore { | |
| 4 127.0.0.0/8; // localhost | |
| 5 205.147.40.32/26; // 510sg | |
| 6 205.147.0.100/24; // digilink | |
| 7 205.147.39.128/25; // ams | |
| 8 205.147.48.64/26; // mbmg | |
| 9 }; | |
| 10 | |
| 11 file "/var/log/cisco-firewall" { | |
| 12 pattern "Inbound_Firewall denied (tcp|udp) ([^(]*)" { | |
| 13 index 2; // zero based | |
| 14 bucket 200; | |
| 15 }; | |
| 16 }; | |
| 17 | |
| 18 file "/var/log/secure" { | |
| 19 pattern "sshd.*Failed password .* from ::ffff:(.*) port" { | |
| 20 index 1; // zero based | |
| 21 bucket 400; | |
| 22 }; | |
| 23 pattern "sshd.*Failed password .* from (.*) port" { | |
| 24 index 1; // zero based | |
| 25 bucket 400; | |
| 26 }; | |
| 27 }; | |
| 28 | |
| 29 // file "/var/log/messages" { | |
| 30 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { | |
| 31 // index 1; // zero based | |
| 32 // bucket 300; | |
| 33 // }; | |
| 34 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { | |
| 35 // index 1; // zero based | |
| 36 // bucket 300; | |
| 37 // }; | |
| 38 // }; |