syslog2iptables: xml/syslog2iptables.in comparison

comparison xml/syslog2iptables.in @ 11:a9b52f657f08

finish coding 1.0 version

author	carl
date	Thu, 15 Dec 2005 16:20:17 -0800
parents
children	c2a2e35a85ac

comparison

equal deleted inserted replaced

-:5dfe0138b4f9
+:a9b52f657f08
+<reference>
+<title>@PACKAGE@</title>
+<partintro>
+<title>Packages</title>
+<para>The various source and binary packages are available at <ulink
+url="http://www.five-ten-sg.com/syslog2iptables/packages">http://www.five-ten-sg.com/syslog2iptables/packages</ulink>
+</para>
+<para>The most recent documentation is available at <ulink
+url="http://www.five-ten-sg.com/syslog2iptables/">http://www.five-ten-sg.com/syslog2iptables/</ulink>
+</para>
+</partintro>
+<refentry id="@PACKAGE@.1">
+<refentryinfo>
+<date>2005-12-15</date>
+</refentryinfo>
+<refmeta>
+<refentrytitle>@PACKAGE@</refentrytitle>
+<manvolnum>1</manvolnum>
+<refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
+</refmeta>
+<refnamediv id='name.1'>
+<refname>@PACKAGE@</refname>
+<refpurpose>a simple adaptive firewall</refpurpose>
+</refnamediv>
+<refsynopsisdiv id='synopsis.1'>
+<title>Synopsis</title>
+<cmdsynopsis>
+<command>@PACKAGE@</command>
+<arg><option>-c</option></arg>
+<arg><option>-d <replaceable class="parameter">n</replaceable></option></arg>
+</cmdsynopsis>
+</refsynopsisdiv>
+<refsect1 id='description.1'>
+<title>Description</title>
+<para><command>@PACKAGE@</command> is a simple adaptive firewall.  It
+maintains the INPUT chain of the <citerefentry>
+<refentrytitle>iptables</refentrytitle> <manvolnum>1</manvolnum>
+</citerefentry> firewall set based on syslog entries.  These syslog
+entries are typically generated by your hardware firewall, but they
+could come from any source.  Any syslog entry that contains a host name
+or ip address can be used as input to this package.</para>
+<para>The <citerefentry> <refentrytitle>@PACKAGE@.conf</refentrytitle>
+<manvolnum>5</manvolnum> </citerefentry> file specifies the syslog files
+to be monitored, and the regular expressions (<citerefentry>
+<refentrytitle>regex</refentrytitle> <manvolnum>7</manvolnum>
+</citerefentry>) to be applied to new lines in those files.  Each
+regular expression needs an index to specify the matching substring that
+contains either an ip address or host name, and a bucket count which is
+added to the leaky bucket for that ip address when a matching line is
+read from that syslog file.</para>
+<para>Each ip address has an associated leaky bucket, which leaks one
+token per second.  Once the bucket contains more than a configurable
+number of tokens, that ip address is added to the INPUT chain with a
+DROP target.  When the bucket is drained to zero, that ip address is
+removed from the INPUT chain.</para>
+</refsect1>
+<refsect1 id='options.1'>
+<title>Options</title>
+<variablelist>
+<varlistentry>
+<term>-c</term>
+<listitem>
+<para>
+Load the configuration file, print a cannonical form
+of the configuration on stdout, and exit.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>-d <replaceable class="parameter">n</replaceable></term>
+<listitem>
+<para>
+Set the debug level to <replaceable class="parameter">n</replaceable>.
+</para>
+</listitem>
+</varlistentry>
+</variablelist>
+</refsect1>
+<refsect1>
+<title>Usage</title>
+<para><command>@PACKAGE@</command> -d 2</para>
+</refsect1>
+<refsect1>
+<title>Configuration</title>
+<para>
+The configuration file is documented in <citerefentry>
+<refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
+</citerefentry>.
+</para>
+</refsect1>
+<refsect1>
+<title>Copyright</title>
+<para>
+Copyright (C) 2005 by 510 Software Group &lt;carl@five-ten-sg.com&gt;
+</para>
+<para>
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2, or (at your option) any
+later version.
+</para>
+<para>
+You should have received a copy of the GNU General Public License along
+with this program; see the file COPYING.  If not, please write to the
+Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+</para>
+</refsect1>
+</refentry>
+<refentry id="@PACKAGE@.conf.5">
+<refentryinfo>
+<date>2005-12-15</date>
+</refentryinfo>
+<refmeta>
+<refentrytitle>@PACKAGE@.conf</refentrytitle>
+<manvolnum>5</manvolnum>
+<refmiscinfo>@PACKAGE@ @VERSION@</refmiscinfo>
+</refmeta>
+<refnamediv id='name.5'>
+<refname>@PACKAGE@.conf</refname>
+<refpurpose>configuration file for @PACKAGE@</refpurpose>
+</refnamediv>
+<refsynopsisdiv id='synopsis.5'>
+<title>Synopsis</title>
+<cmdsynopsis>
+<command>@PACKAGE@.conf</command>
+</cmdsynopsis>
+</refsynopsisdiv>
+<refsect1 id='description.5'>
+<title>Description</title>
+<para>The <command>@PACKAGE@.conf</command> configuration file is
+specified by this partial bnf description.</para>
+<literallayout class="monospaced"><![CDATA[
+CONFIG    := THRESHOLD IGNORE {FILE}+
+THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";"
+IGNORE    := "ignore" "{" IG-SINGLE+ "};"
+IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";"
+FILE      := "file" FILENAME "{" PATTERN+ "};"
+PATTERN   := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};"
+INDEX     := "index" REGEX-INTEGER-VALUE ";"
+BUCKET    := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout>
+</refsect1>
+<refsect1 id='sample.5'>
+<title>Sample</title>
+<literallayout class="monospaced"><![CDATA[
+threshold 550;
+ignore {
+127.0.0.0/8;        // localhost
+};
+file "/var/log/cisco.log" {
+pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
+index 2;    // zero based
+bucket 200;
+};
+};
+file "/var/log/secure" {
+pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
+index 1;    // zero based
+bucket 400;
+};
+pattern "sshd.*Failed password .* from (.*) port" {
+index 1;    // zero based
+bucket 400;
+};
+};]]></literallayout>
+</refsect1>
+</refentry>
+</reference>

Mercurial > syslog2iptables

comparison xml/syslog2iptables.in @ 11:a9b52f657f08