Mercurial > syslog2iptables
diff syslog2iptables.conf @ 3:8fe310e5cd44
initial coding
| author | carl |
|---|---|
| date | Sun, 27 Nov 2005 21:12:01 -0800 |
| parents | 551433a01cab |
| children | 2737ab01659a |
line wrap: on
line diff
--- a/syslog2iptables.conf Thu Nov 24 10:31:09 2005 -0800 +++ b/syslog2iptables.conf Sun Nov 27 21:12:01 2005 -0800 @@ -1,7 +1,26 @@ -file "/var/log/cisco.log" { - parser cisco; +threshold 600; + +ignore { + 127.0.0.0/8; // localhost + 205.147.40.32/26; // 510sg + 205.147.0.100/24; // digilink + 205.147.39.128/25; // ams }; -file "/var/log/messages" { - parser ssh; +file "/var/log/cisco.log" { + pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" { + index 2; // zero based + bucket 200; + }; }; + +file "messages.log" { + pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { + index 1; // zero based + bucket 300; + }; + pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { + index 1; // zero based + bucket 300; + }; +};