It's such a great idea that I posted on my blog about it. Thanks for
both the idea and the implementation.
And of course your possible pattern additions are more than welcome.
On Sun, 2011-02-20 at 23:06 +0100, Valentijn Sessink wrote:
> Hi list,
> For a week or so, I've been gathering the building blocks for a sort of
> low-tech intrusion detection/prevention system.
> My "itch": having a system that acts "real time" on the log messages
> that various daemons produce; having it low profile; easy to get it to
> act (i.e. no scripts that call scripts that call other scripts). For
> example, if sshd says "invalid user", I'd like the firewall to act on
> this, with as few steps in between as possible. Luckily, syslog-ng is
> able to find patterns all by itself, so I'm able to "skip the middle
> man", i.e. I can use syslog-ng directly on the firewalling rules. And
> what is better: I'm not even using the program() call!
> I'm currently running such a system in pre-production and I'm delighted.
> It's really easy to build. It works like a charm. Here's how:
-- 
Bazsi
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
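One way to wire up the "sshd says invalid user, firewall acts, no program() in between" idea described above, as an added example: it is neither the poster's configuration (the "here's how" part is cut off in the quote) nor syslog-ng project code. It assumes syslog-ng 3.x built with PCRE support, a netfilter xt_recent list that the firewall already consults, the 2011-era sshd message format, and that syslog-ng's file() destination can write the proc file directly.

```conf
@version: 3.2

# Added example, not the configuration from the original post (which is cut
# off above). Assumptions: Linux netfilter with the xt_recent module, a
# "recent" list named ssh_bad that the firewall already consults, e.g.
#   iptables -I INPUT -p tcp --dport 22 -m recent --name ssh_bad \
#            --rcheck --seconds 3600 -j DROP
# and a syslog-ng that may open /proc/net/xt_recent/ssh_bad for writing.

options { flush_lines(1); };   # act on every message at once, no batching

source s_local { unix_dgram("/dev/log"); internal(); };

# sshd's "Invalid user NAME from ADDR" line (2011-era format, no "port" suffix).
# The address is anchored at the end of the message, so a crafted login name
# cannot change which token lands in $1, and the negative lookahead keeps a
# management range (constructed example: 192.0.2.0/24) out of the block list
# so the log feed can never lock out the admins themselves.
filter f_invalid_user {
    program("sshd")
    and match("^Invalid user .* from (?!192\\.0\\.2\\.)([0-9]{1,3}(?:\\.[0-9]{1,3}){3})$"
              value("MESSAGE") type("pcre") flags("store-matches"));
};

# Writing "+ADDR" to the xt_recent proc file adds ADDR to the list; the DROP
# rule above then discards that address's SSH packets for the next hour.
destination d_xt_recent {
    file("/proc/net/xt_recent/ssh_bad" template("+$1\n"));
};

# Keep an audit trail of every block together with the message that caused it.
destination d_blocklog {
    file("/var/log/ssh-blocked.log" template("$ISODATE blocked $1: $MSG\n"));
};

log { source(s_local); filter(f_invalid_user);
      destination(d_xt_recent); destination(d_blocklog); };
```

syslog-ng's pattern database (db_parser()) is the other way to let it "find patterns all by itself"; a match() filter with a stored capture is used here only so the block stays self-contained in one file.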