comparison syslog2iptables.conf @ 56:73dd2daeaf8e stable-1-0-13-2

switch to auto requires
author Carl Byington <carl@five-ten-sg.com>
date Wed, 17 Aug 2011 10:12:16 -0700
parents d237bc6331ad
children b45dddebe8fc
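--- a/syslog2iptables.conf
+++ b/syslog2iptables.conf
@@ -42,13 +42,33 @@
 pattern "proftpd.*no such user found from (.*) \[" {
 index 1; // zero based
 bucket 400;
 message "ftp failed password";
 };
+pattern "vsftpd.* authentication failure; .* rhost=(.*) " {
+index 1; // zero based
+bucket 400;
+message "ftp failed password";
+};
+pattern "dovecot.* authentication failure; .* rhost=::ffff:(.*) " {
+index 1; // zero based
+bucket 400;
+message "dovecot failed password";
+};
+pattern "dovecot.* authentication failure; .* rhost=(.*) " {
+index 1; // zero based
+bucket 400;
+message "dovecot failed password";
+};
 };
 
 file "/var/log/messages" {
+pattern "dovecot.* authentication failure; .* rhost=(.*) " {
+index 1; // zero based
+bucket 400;
+message "dovecot failed password";
+};
 pattern "ipop3d.* Login failed .* \[(.*)\]" {
 index 1; // zero based
 bucket 400;
 message "pop3 failed password";
 };
@@ -80,10 +100,35 @@
 };
 pattern "(.*) - - .*/adxmlrpc" {
 index 1; // zero based
 bucket 400;
 message "apache adxmlrpc reference";
+};
+pattern "(.*) - - .*/includes/general.js" {
+index 1; // zero based
+bucket 400;
+message "apache general.js reference";
+};
+pattern "(.*) - - .*/phpMyAdmin/" {
+index 1; // zero based
+bucket 400;
+message "apache phpMyAdmin reference";
+};
+pattern "(.*) - - .*/cart/" {
+index 1; // zero based
+bucket 400;
+message "apache cart reference";
+};
+pattern "(.*) - - .*/zen/" {
+index 1; // zero based
+bucket 400;
+message "apache zen reference";
+};
+pattern "(.*) - - .*/zencart/" {
+index 1; // zero based
+bucket 400;
+message "apache zencart reference";
 };
 };
 
 file "/var/log/maillog" {
 pattern "lost input channel from .* \[(.*)\] .* after (mail|rcpt|auth)" {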
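Review bot: The added `rhost=(.*) ` patterns and the added `(.*) - - .*/…` apache patterns capture the address with an unanchored, greedy `(.*)`, while the rest of each log line holds text the remote client chooses (login name, request path, referer), so the captured group is not guaranteed to be the real peer address. Since that capture presumably drives the iptables block, I would limit it to address characters and anchor it where the line format allows, e.g. `pattern "^([0-9a-fA-F:.]+) - - .*/phpMyAdmin/" {` and `pattern "dovecot.* authentication failure; .* rhost=([0-9.]+) " {`, assuming the engine accepts bracket expressions as the existing `\[` and `(mail|rcpt|auth)` suggest. The `/cart/`, `/zen/` and `/zencart/` rules also match that substring anywhere on the line, so they would score ordinary visitors on any host that really serves those paths. A one-line comment above them, such as `// these paths do not exist on this server; any reference is a probe`, would record the assumption for the next maintainer.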