view remote.mbmg @ 20:0d65c3de34fd

add better logging
author carl
date Sun, 08 Jan 2006 12:36:57 -0800
parents 5dfe0138b4f9
children
line wrap: on
line source

threshold 550;

ignore {
    127.0.0.0/8;        // localhost
    205.147.40.32/26;   // 510sg
    205.147.0.100/24;   // digilink
    205.147.39.128/25;  // ams
    205.147.48.64/26;   // mbmg
};

file "/var/log/cisco-firewall" {
    pattern "Inbound_Firewall denied (tcp|udp) ([^(]*)" {
        index 2;    // zero based
        bucket 200;
    };
};

file "/var/log/secure" {
    pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
        index 1;    // zero based
        bucket 400;
    };
    pattern "sshd.*Failed password .* from (.*) port" {
        index 1;    // zero based
        bucket 400;
    };
};

//  file "/var/log/messages" {
//      pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
//          index 1;    // zero based
//          bucket 300;
//      };
//      pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
//          index 1;    // zero based
//          bucket 300;
//      };
//  };