destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
+destination ids {program("/usr/local/sbin/blocker.pl"); );
+
+#destination loghost { tcp("10.0.0.1" port(514)); };
+
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail) and not match(ppp.*LCP); };
filter f_crit { level(crit); };
filter f_err { level(err); };
+filter f_ids { facility(auth) and match("snort") and match("Priority: 1"); };
+filter f_ssh { program("sshd.*") and match("(Failed password for root from)") };
+
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
log { source(src); filter(f_news); filter(f_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
-log { source(src); filter(f_debug); destination(debug); };
+#log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
-log { source(src); filter(f_emergency); destination(console); };
+#log { source(src); filter(f_emergency); destination(console); };
log { source(src); filter(f_ppp); destination(ppp); };
log { source(src); destination(console_all); };
-log { source(src); destination(all); };
+#log { source(src); destination(all); };
+log { source(src); filter(f_ids); destination(ids); };
+log { source(src); filter(f_ssh); destination(ids); };
\ No newline at end of file
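Review bot: The added `destination ids` line closes its block with `);` instead of `};`, so syslog-ng will most likely reject the file on the next reload and stop logging; it should read `destination ids { program("/usr/local/sbin/blocker.pl"); };`, and the added `f_ssh` filter lacks the `;` before its closing brace that every other filter here has. Both new log paths pipe message text that an outside party can influence into a script that presumably blocks addresses: `f_ids` and `f_ssh` match substrings rather than a verified origin, so anything able to write a matching line into `src` (its definition is not shown), or a Snort alert carrying a spoofed source address, can trigger a block. blocker.pl (not shown) should therefore parse its input strictly, never hand the text to a shell, and keep an allowlist for management hosts so a forged line cannot lock out administrators. The same change comments out the `debug`, emergency-console and `all` log paths while `loghost` stays disabled, which leaves less evidence for auditing what the blocker did; consider keeping `destination(all)` or enabling the remote loghost. The excerpt has no hunk headers, so lines before the first visible one could not be checked.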