comparison xml/syslog2iptables.in @ 12:c2a2e35a85ac

final documentation, rpm builds properly
author carl
date Sat, 17 Dec 2005 16:17:09 -0800
parents a9b52f657f08
children 2a7161b03b94
11:a9b52f657f08 12:c2a2e35a85ac
1 <reference> 1 <reference>
2 <title>@PACKAGE@</title> 2 <title>@PACKAGE@</title>
3 <partintro> 3 <partintro>
4 <title>Packages</title> 4 <title>Packages</title>
5 <para>The various source and binary packages are available at <ulink 5 <para>The various source and binary packages are available at <ulink
6 url="http://www.five-ten-sg.com/syslog2iptables/packages">http://www.five-ten-sg.com/syslog2iptables/packages</ulink> 6 url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>
7 </para> 7 The most recent documentation is available at <ulink
8 <para>The most recent documentation is available at <ulink 8 url="http://www.five-ten-sg.com/@PACKAGE@/">http://www.five-ten-sg.com/@PACKAGE@/</ulink>
9 url="http://www.five-ten-sg.com/syslog2iptables/">http://www.five-ten-sg.com/syslog2iptables/</ulink>
10 </para> 9 </para>
11 </partintro> 10 </partintro>
12 11
13 <refentry id="@PACKAGE@.1"> 12 <refentry id="@PACKAGE@.1">
14 <refentryinfo> 13 <refentryinfo>
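Review bot: the two <para> elements in the partintro (old lines 5-10) are collapsed into a single <para> (new lines 5-9), so the packages sentence and the documentation sentence will now render as one paragraph; if that is not intended, keep the second <para> open/close around "The most recent documentation is available at ...". The switch from the literal "syslog2iptables" to "@PACKAGE@" in both url attributes is consistent with the existing <title>@PACKAGE@</title> and the refentry id "@PACKAGE@.1", but it does tie the web paths to the configure-time package name, so a rename of the package will silently change the published URLs.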
35 </cmdsynopsis> 34 </cmdsynopsis>
36 </refsynopsisdiv> 35 </refsynopsisdiv>
37 36
38 <refsect1 id='description.1'> 37 <refsect1 id='description.1'>
39 <title>Description</title> 38 <title>Description</title>
40 <para><command>@PACKAGE@</command> is a simple adaptive firewall. It 39
41 maintains the INPUT chain of the <citerefentry> 40 <para><command>@PACKAGE@</command> is a simple adaptive firewall. It
42 <refentrytitle>iptables</refentrytitle> <manvolnum>1</manvolnum> 41 maintains the INPUT chain of the <citerefentry>
43 </citerefentry> firewall set based on syslog entries. These syslog 42 <refentrytitle>iptables</refentrytitle> <manvolnum>1</manvolnum>
44 entries are typically generated by your hardware firewall, but they 43 </citerefentry> firewall set based on syslog entries. These syslog
45 could come from any source. Any syslog entry that contains a host name 44 entries are typically generated by your hardware firewall, but they
46 or ip address can be used as input to this package.</para> 45 could come from any source. Any syslog entry that contains a host name
47 46 or ip address can be used as input to this package.</para>
48 <para>The <citerefentry> <refentrytitle>@PACKAGE@.conf</refentrytitle> 47
49 <manvolnum>5</manvolnum> </citerefentry> file specifies the syslog files 48 <para>The <citerefentry> <refentrytitle>@PACKAGE@.conf</refentrytitle>
50 to be monitored, and the regular expressions (<citerefentry> 49 <manvolnum>5</manvolnum> </citerefentry> file specifies the syslog files
51 <refentrytitle>regex</refentrytitle> <manvolnum>7</manvolnum> 50 to be monitored, and the regular expressions (<citerefentry>
52 </citerefentry>) to be applied to new lines in those files. Each 51 <refentrytitle>regex</refentrytitle> <manvolnum>7</manvolnum>
53 regular expression needs an index to specify the matching substring that 52 </citerefentry>) to be applied to new lines in those files. Each
54 contains either an ip address or host name, and a bucket count which is 53 regular expression needs an index to specify the matching substring that
55 added to the leaky bucket for that ip address when a matching line is 54 contains either an ip address or host name, and a bucket count which is
56 read from that syslog file.</para> 55 added to the leaky bucket for that ip address when a matching line is
57 56 read from that syslog file.</para>
58 <para>Each ip address has an associated leaky bucket, which leaks one 57
59 token per second. Once the bucket contains more than a configurable 58 <para>Each ip address has an associated leaky bucket, which leaks one
60 number of tokens, that ip address is added to the INPUT chain with a 59 token per second. Once the bucket contains more than a configurable
61 DROP target. When the bucket is drained to zero, that ip address is 60 threshold number of tokens, that ip address is added to the INPUT chain
62 removed from the INPUT chain.</para> 61 with a DROP target. When the bucket is drained to zero, that ip address
62 is removed from the INPUT chain.</para>
63
64 <para>The discussion has focused on syslog files, but any ascii text
65 file can be used, so long as some other process appends lines to that
66 file, and those lines containing hostname or ip addresses can be matched
67 with some regular expression.</para>
68
69 <para>Considering syslog files in particular, these are normally rotated
70 via logrotate. <command>@PACKAGE@</command> properly detects and
71 handles this case by closing the old file, and reopening the newly
72 created file.</para>
63 </refsect1> 73 </refsect1>
64 74
65 <refsect1 id='options.1'> 75 <refsect1 id='options.1'>
66 <title>Options</title> 76 <title>Options</title>
67 <variablelist> 77 <variablelist>
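Review bot: the new logrotate paragraph (new lines 69-72) states that the daemon handles rotation "by closing the old file, and reopening the newly created file", but does not say how rotation is detected or which logrotate modes are covered; a rename-then-create rotation produces a new inode, whereas a copytruncate rotation keeps the same file and merely truncates it, and the text as written only describes the first case. Suggest stating the detection rule (for example, reopen when the path's inode changes or the file shrinks below the current read offset) and explicitly saying whether copytruncate is handled, since lines appended after an unhandled truncation would never be matched and the firewall would silently stop reacting. The added word "threshold" (new line 60) is a clear improvement over the old "configurable number of tokens", and the blank line inserted after the Description title (new line 39) is cosmetic only.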
93 <refsect1> 103 <refsect1>
94 <title>Configuration</title> 104 <title>Configuration</title>
95 <para> 105 <para>
96 The configuration file is documented in <citerefentry> 106 The configuration file is documented in <citerefentry>
97 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum> 107 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
98 </citerefentry>. 108 </citerefentry>. Any change to the config file will cause it to be
109 reloaded within three minutes.
99 </para> 110 </para>
100 </refsect1> 111 </refsect1>
101 112
102 <refsect1> 113 <refsect1>
103 <title>Copyright</title> 114 <title>Copyright</title>