Mercurial > syslog2iptables
comparison syslog2iptables.conf @ 53:d6fb7fca0394 stable-1-0-13
Document multiple contexts
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Sun, 25 Jan 2009 08:37:36 -0800 |
| parents | 206448c00b55 |
| children | d237bc6331ad |
comparison
equal
deleted
inserted
replaced
| 52:fcbc7b7efd14 | 53:d6fb7fca0394 |
|---|---|
| 25 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; | 25 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; |
| 26 | 26 |
| 27 ignore { | 27 ignore { |
| 28 127.0.0.0/8; // localhost | 28 127.0.0.0/8; // localhost |
| 29 }; | 29 }; |
| 30 | |
| 31 // file "/var/log/cisco.log" { | |
| 32 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" { | |
| 33 // index 2; // zero based | |
| 34 // bucket 200; | |
| 35 // message "cisco firewall blocked packet"; | |
| 36 // }; | |
| 37 // }; | |
| 38 | 30 |
| 39 file "/var/log/secure" { | 31 file "/var/log/secure" { |
| 40 pattern "sshd.*Failed password .* from ::ffff:(.*) port" { | 32 pattern "sshd.*Failed password .* from ::ffff:(.*) port" { |
| 41 index 1; // zero based | 33 index 1; // zero based |
| 42 bucket 400; | 34 bucket 400; |
| 127 index 1; // zero based | 119 index 1; // zero based |
| 128 bucket 200; | 120 bucket 200; |
| 129 message "sendmail rejected bounce"; | 121 message "sendmail rejected bounce"; |
| 130 }; | 122 }; |
| 131 }; | 123 }; |
| 132 | |
| 133 // file "/var/log/messages" { | |
| 134 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { | |
| 135 // index 1; // zero based | |
| 136 // bucket 300; | |
| 137 // message "ssh failed password"; | |
| 138 // }; | |
| 139 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { | |
| 140 // index 1; // zero based | |
| 141 // bucket 300; | |
| 142 // message "ssh failed password"; | |
| 143 // }; | |
| 144 // }; | |
| 145 }; | 124 }; |
| 146 | 125 |