syslog-ng-users February 2011 archive

Re: [syslog-ng] Firewalling with syslog-ng, a working prototype

From: Balazs Scheidler <bazsi_at_nospam>
Date: Wed Feb 23 2011 - 15:17:01 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

Hi,

It's such a great idea that I posted on my blog about it. Thanks for
both the idea and the implementation.

And of course your possible pattern additions are more than welcome.

On Sun, 2011-02-20 at 23:06 +0100, Valentijn Sessink wrote:
> Hi list,
>
> For a week or so, I've been gathering the building blocks for a sort of
> low-tech intrusion detection/prevention system.
>
> My "itch": having a system that acts "real time" on the log messages
> that various daemons produce; having it low profile; easy to get it to
> act (i.e. no scripts that call scripts that call other scripts). For
> example, if sshd says "invalid user", I'd like the firewall to act on
> this, with as few steps in between as possible. Luckily, syslog-ng is
> able to find patterns all by itself, so I'm able to "skip the middle
> man", i.e. I can use syslog-ng directly on the firewalling rules. And
> what is better: I'm not even using the program() call!
>
> I'm currently running such a system in pre-production and I'm delighted.
> It's really easy to build. It works like a charm. Here's how:

--
Bazsi

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
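The quoted message stops before the "Here's how:" part, so the poster's actual wiring is not on this page. As an added example (not Valentijn's or Bazsi's configuration), the following syslog-ng 3.2 fragment shows the pattern-matching half of the idea: syslog-ng itself picks out sshd's "Invalid user" messages, extracts the peer address with a stored regex match, and writes a one-line block request to a named pipe. The fifo path, the line format and whatever process drains the fifo into ipset/iptables are assumptions of this example, not something the thread states.

```conf
@version: 3.2

# Added example, not the poster's configuration. Matches sshd "Invalid user"
# messages inside syslog-ng and hands the offending address to a firewall
# feeder through a fifo, with no program() call in the path.

source s_local {
    unix-dgram("/dev/log");
    internal();
};

# sshd logs "Invalid user <name> from <addr>" (newer versions append
# " port <n>"). The <name> is attacker-controlled, so a greedy ".*" is used
# on purpose: "Invalid user x from 10.0.0.1" is a legal username, and the
# only address worth trusting is the one after the LAST " from ", which is
# the one sshd appends from the real peer.
filter f_sshd_invalid_user {
    program("sshd")
    and match("^Invalid user .* from ([0-9.]+)"
              value("MESSAGE") flags("store-matches"));
};

# Assumed consumer (not on the page): a long-running process reading
# /var/run/fw-block.fifo and turning each line into an ipset/iptables rule.
# $1 is the first capture group stored by flags("store-matches") above.
destination d_fw_block {
    pipe("/var/run/fw-block.fifo"
         template("block $1 sshd-invalid-user\n"));
};

log {
    source(s_local);
    filter(f_sshd_invalid_user);
    destination(d_fw_block);
};
```

Two things a practitioner would want before putting this in front of a real sshd: the filter fires on a single failed login, so a whitelist of management addresses belongs in the filter (or in the fifo consumer) unless one typo from an admin locking them out is acceptable, and the regex only captures IPv4 literals; an IPv6 peer will not match and therefore will not be blocked.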