view syslog2iptables.conf @ 8:5f4549fc60b9

initial coding
author carl
date Fri, 02 Dec 2005 20:55:32 -0800
parents 276c4edc8521
children d76f9ff42487

// Global blocking threshold.
// NOTE(review): presumably an address is acted on once the "bucket" values
// added by its matching log lines reach this total. With the buckets used in
// this file that would be 3 firewall denies (200 each) or 2 failed ssh logins
// (300 each). Confirm against the daemon's documentation, including whether
// counts decay over time.
threshold 600;

// Address ranges listed under "ignore", in CIDR notation.
// NOTE(review): presumably these sources are never blocked, whatever the logs
// show. That makes this list the safeguard against locking out your own
// networks, and every address in these ranges is exempt, so keep the ranges as
// narrow as possible.
ignore {
    127.0.0.0/8;        // localhost
    // NOTE(review): .32 is not on a /26 boundary (the /26 blocks start at .0,
    // .64, .128 and .192). The enclosing /26 is 205.147.40.0/26; a /27 would
    // give .32-.63. Confirm the intended range and how the parser treats a
    // base address with host bits set.
    205.147.40.32/26;   // 510sg
    // NOTE(review): host bits are set here too; the enclosing network is
    // 205.147.0.0/24. Confirm whether the whole /24 or only the single host
    // .100 was meant.
    205.147.0.100/24;   // digilink
    205.147.39.128/25;  // ams
};

// Deny messages written to /var/log/cisco.log.
// The pattern matches the literal "Internet_Firewall denied", then the
// protocol (group 1: tcp or udp), then everything up to the first "("
// (group 2).
// NOTE(review): presumably group 2 is the source address of the denied
// packet; confirm against a sample log line.
// NOTE(review): a denied packet's source address is not proven by any
// handshake (UDP in particular), so a forged source can count toward a block
// of an address that sent nothing. The "ignore" list should cover every
// address that must stay reachable.
file "/var/log/cisco.log" {
    // "[^(]*" accepts any characters, including an empty string; it is not
    // limited to the characters of an address.
    pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
        // Selects which regex group holds the address. With zero-based
        // numbering, group 0 is presumably the whole match, so 2 is the second
        // parenthesised group.
        index 2;    // zero based
        // NOTE(review): presumably the amount added toward "threshold" per
        // matching line.
        bucket 200;
    };
};

// sshd "Failed password" messages written to /var/log/secure.
// NOTE(review): neither pattern is anchored, and the user name in this sshd
// message is supplied by the remote client, so the text between
// "Failed password" and " from " is untrusted. The capture "(.*)" accepts any
// characters. Restricting it to address characters, for example a bracket
// expression like the one in the cisco.log pattern, would ensure only an
// address-shaped string can reach the firewall step. Confirm that the regex
// dialect supports it.
file "/var/log/secure" {
    // IPv4-mapped form: the literal "::ffff:" prefix sits outside the group,
    // so the captured text is what follows it, up to " port".
    pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
        index 1;    // zero based
        bucket 300;
    };
    // General form. This also matches the "::ffff:" lines above, where it
    // would capture the prefix as well.
    // NOTE(review): confirm whether the daemon stops at the first matching
    // pattern or applies every pattern; in the latter case one log line would
    // be counted twice under two different strings.
    pattern "sshd.*Failed password .* from (.*) port" {
        index 1;    // zero based
        bucket 300;
    };
};

// pam_unix authentication failures for sshd, written to /var/log/messages.
// NOTE(review): rhost= can hold a host name rather than an address when sshd
// resolves client names. A reverse-DNS name is not a verified identity, and
// the capture "(.*)" accepts any characters. Confirm what the daemon does
// with a captured value that is not an address.
file "/var/log/messages" {
    // Lines that carry a trailing " user=" field: captures the text between
    // "rhost=" and " user=".
    pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
        index 1;    // zero based
        bucket 300;
    };
    // Lines where rhost= is the last field: captures to end of line.
    // This also matches lines that do have " user=", where the capture would
    // include that trailing text.
    // NOTE(review): confirm whether the first matching pattern wins or every
    // pattern is applied.
    pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
        index 1;    // zero based
        bucket 300;
    };
};