Mercurial > syslog2iptables
diff remote.mbmg @ 10:5dfe0138b4f9
initial coding
| author | carl |
|---|---|
| date | Thu, 08 Dec 2005 13:58:08 -0800 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/remote.mbmg Thu Dec 08 13:58:08 2005 -0800 @@ -0,0 +1,38 @@ +threshold 550; + +ignore { + 127.0.0.0/8; // localhost + 205.147.40.32/26; // 510sg + 205.147.0.100/24; // digilink + 205.147.39.128/25; // ams + 205.147.48.64/26; // mbmg +}; + +file "/var/log/cisco-firewall" { + pattern "Inbound_Firewall denied (tcp|udp) ([^(]*)" { + index 2; // zero based + bucket 200; + }; +}; + +file "/var/log/secure" { + pattern "sshd.*Failed password .* from ::ffff:(.*) port" { + index 1; // zero based + bucket 400; + }; + pattern "sshd.*Failed password .* from (.*) port" { + index 1; // zero based + bucket 400; + }; +}; + +// file "/var/log/messages" { +// pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { +// index 1; // zero based +// bucket 300; +// }; +// pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { +// index 1; // zero based +// bucket 300; +// }; +// };