comparison syslog2iptables.conf @ 35:d2ceebcf6595 stable-1-7
add message description in patterns
author | carl |
---|---|
date | Tue, 18 Sep 2007 09:54:22 -0700 |
parents | 28fec0c67646 |
children | d9ae11033b4b |
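--- a/syslog2iptables.conf
+++ b/syslog2iptables.conf
@@ -9,44 +9,60 @@
 
 // file "/var/log/cisco.log" {
 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
 // index 2; // zero based
 // bucket 200;
+// message "cisco firewall blocked packet";
 // };
 // };
 
 file "/var/log/secure" {
 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
 index 1; // zero based
 bucket 400;
+message "ssh failed password";
 };
 pattern "sshd.*Failed password .* from (.*) port" {
 index 1; // zero based
 bucket 400;
+message "ssh failed password";
 };
 };
 
 file "/var/log/httpd/access_log" {
 pattern "(.*) - - .* /cgi-bin" {
 index 1; // zero based
 bucket 400;
+message "apache cgi-bin reference";
 };
 pattern "(.*) - - .*/index2.php" {
 index 1; // zero based
 bucket 400;
+message "apache index2.php reference";
 };
 pattern "(.*) - - .*/main.php" {
 index 1; // zero based
 bucket 400;
+message "apache main.php reference";
+};
+};
+
+file "/var/log/maillog" {
+pattern "lost input channel from .* \[(.*)\] .* after mail" {
+index 1; // zero based
+bucket 200;
+message "sendmail spammer dropping connection";
 };
 };
 
 // file "/var/log/messages" {
 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
 // index 1; // zero based
 // bucket 300;
+// message "ssh failed password";
 // };
 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
 // index 1; // zero based
 // bucket 300;
+// message "ssh failed password";
 // };
 // };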
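Review bot: The new `/var/log/maillog` pattern captures the peer address with a greedy `\[(.*)\]`, so on a sendmail line that carries more than one bracketed token the group can run from the first `[` to the last `]`, and the text selected by `index 1` is then not a single address but whatever lands between those brackets. A bracket-excluding class stops at the first closing bracket: `pattern "lost input channel from .* \[([^]]*)\] .* after mail" {`. The same greedy `(.*)` capture shape already exists in the sshd and access_log patterns, so this note concerns only the newly added block. The added `message` strings appear to be per-pattern labels; what consumes them is not visible on this page.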