diff syslog2iptables.conf @ 20:0d65c3de34fd

add better logging
author carl
date Sun, 08 Jan 2006 12:36:57 -0800
parents d76f9ff42487
children 2342081106d9
--- a/syslog2iptables.conf	Sat Dec 24 06:27:00 2005 -0800
+++ b/syslog2iptables.conf	Sun Jan 08 12:36:57 2006 -0800
@@ -2,17 +2,14 @@
 
 ignore {
     127.0.0.0/8;        // localhost
-    205.147.40.32/26;   // 510sg
-    205.147.0.100/24;   // digilink
-    205.147.39.128/25;  // ams
 };
 
-file "/var/log/cisco.log" {
-    pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
-        index 2;    // zero based
-        bucket 200;
-    };
-};
+//  file "/var/log/cisco.log" {
+//      pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
+//          index 2;    // zero based
+//          bucket 200;
+//      };
+//  };
 
 file "/var/log/secure" {
     pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
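Review bot: The three `205.147.*` entries are dropped from `ignore` without a comment, in the same commit that adds web-log patterns, including one for `access_510sg_log`. If those ranges are still operator or customer networks (the `510sg`/`digilink`/`ams` labels suggest so, but that is inferred), their hosts are now counted against the buckets like any other client. The commit message only mentions logging, so the reason for shrinking the exemption list is not recorded. I would either keep the entries or leave them commented out with a reason, as was done for the cisco block, e.g. `//  205.147.40.32/26;   // 510sg - no longer exempt: <reason>`. The `/var/log/secure` block at the end of this hunk continues outside it.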
@@ -25,6 +22,35 @@
     };
 };
 
+file "/var/log/httpd/access_log" {
+    pattern "(.*) - - .* /cgi-bin" {
+        index 1;    // zero based
+        bucket 400;
+    };
+    pattern "(.*) - - .*/index2.php" {
+        index 1;    // zero based
+        bucket 400;
+    };
+    pattern "(.*) - - .*/main.php" {
+        index 1;    // zero based
+        bucket 400;
+    };
+};
+
+file "/var/log/httpd/access_acia_log" {
+    pattern "(.*) - - .* /cgi-bin" {
+        index 1;    // zero based
+        bucket 400;
+    };
+};
+
+file "/var/log/httpd/access_510sg_log" {
+    pattern "(.*) - - .* /cgi-bin" {
+        index 1;    // zero based
+        bucket 400;
+    };
+};
+
 //  file "/var/log/messages" {
 //      pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
 //          index 1;    // zero based
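Review bot: The new access-log patterns are unanchored and capture the client with a greedy `(.*)`, so group 1 is everything before the last ` - - ` that still lets the rest match, and the client-controlled request line can contain that sequence. How the tool parses the capture is not visible here, but anchoring it and limiting it to address characters keeps the value well-formed, e.g. `pattern "^([0-9.]+) - - .* /cgi-bin" {` (assuming these vhosts log an IPv4 address first on the line). In `.*/index2.php` and `.*/main.php` the path is not tied to the request field and the `.` before `php` is unescaped, so a match in the referer or user-agent of a combined-format log would also count toward the bucket. The same `/cgi-bin` rule is repeated in the `access_acia_log` and `access_510sg_log` blocks. A one-line comment on why `bucket 400` was chosen, and whether `/cgi-bin` serves any legitimate scripts, would help whoever tunes this for false positives.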