diff syslog2iptables.conf @ 20:0d65c3de34fd
add better logging
author | carl |
---|---|
date | Sun, 08 Jan 2006 12:36:57 -0800 |
parents | d76f9ff42487 |
children | 2342081106d9 |
--- a/syslog2iptables.conf Sat Dec 24 06:27:00 2005 -0800
+++ b/syslog2iptables.conf Sun Jan 08 12:36:57 2006 -0800
@@ -2,17 +2,14 @@
 
 ignore {
 127.0.0.0/8; // localhost
- 205.147.40.32/26; // 510sg
- 205.147.0.100/24; // digilink
- 205.147.39.128/25; // ams
 };
 
-file "/var/log/cisco.log" {
- pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
- index 2; // zero based
- bucket 200;
- };
-};
+// file "/var/log/cisco.log" {
+// pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
+// index 2; // zero based
+// bucket 200;
+// };
+// };
 
 file "/var/log/secure" {
 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
@@ -25,6 +22,35 @@
 };
 };
 
+file "/var/log/httpd/access_log" {
+ pattern "(.*) - - .* /cgi-bin" {
+ index 1; // zero based
+ bucket 400;
+ };
+ pattern "(.*) - - .*/index2.php" {
+ index 1; // zero based
+ bucket 400;
+ };
+ pattern "(.*) - - .*/main.php" {
+ index 1; // zero based
+ bucket 400;
+ };
+};
+
+file "/var/log/httpd/access_acia_log" {
+ pattern "(.*) - - .* /cgi-bin" {
+ index 1; // zero based
+ bucket 400;
+ };
+};
+
+file "/var/log/httpd/access_510sg_log" {
+ pattern "(.*) - - .* /cgi-bin" {
+ index 1; // zero based
+ bucket 400;
+ };
+};
+
 // file "/var/log/messages" {
 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
 // index 1; // zero based
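Review bot: Removing the three 205.147.x.x ranges from `ignore` leaves only localhost exempt, in the same commit that starts counting web requests from the httpd logs. If those ranges are the operator's own networks (the labels `510sg`, `digilink` and `ams` suggest this, but the page does not say), ordinary traffic from them can now be counted against `bucket 400` like any other client. The commit message "add better logging" does not mention the change, so a comment in the `ignore` block should record it, for example `// 205.147.x ranges no longer exempt: <reason>`. The commented-out cisco block could be deleted outright, since the repository history already keeps it.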
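Review bot: The new httpd patterns take the client address from an unanchored, greedy `(.*)`, and the remainder of each pattern can match anywhere in the log line. A client-controlled field is therefore enough to count a request, for example a Referer that contains `/index2.php` or `/main.php`, and the capture may hold text other than the address. Anchoring the match and limiting the capture to the first field avoids both, for example `pattern "^([^ ]+) - - .* /cgi-bin" {`, assuming the pattern syntax accepts `^`; the existing patterns already use bracket expressions and alternation. The `.` in `index2.php` and `main.php` is unescaped and matches any character. A comment above each `file` block saying what the rule is meant to catch and why `bucket 400` was chosen would help the next reader.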