1 | ############################################################################### |
2 | # # | |
3 | # IPFire.org - A linux based firewall # | |
4 | # Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt # | |
5 | # # | |
6 | # This program is free software: you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation, either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # This program is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
18 | # # | |
19 | ############################################################################### | |
#@version:3.0
# Global daemon settings (config syntax 3.0, see the @version line above).
# Option comments below are review notes on what each setting means for
# log integrity; where the effect depends on the installed build, it is
# marked for confirmation.
options {
	flush_lines(0);          # no output batching: each message is written as it arrives
	stats_freq(3600);        # internal statistics message once per hour
	time_reopen (10);        # seconds to wait before retrying a destination that failed
	time_sleep(200);
	log_fifo_size (1000);    # bounded per-destination output queue; during a burst, messages
	                         # beyond the queue are dropped rather than buffered. NOTE(review):
	                         # presumably applies to the ids program() destination too — confirm.
	long_hostnames (off);
	use_dns (no);            # never resolve sender addresses: logging never waits on, or trusts, DNS
	use_fqdn (no);
	create_dirs (no);        # a missing log directory is an error, not silently created
	keep_hostname (yes);     # keep the hostname as it arrived in the message. NOTE(review): fine
	                         # while every source is local (see source sys); a network source
	                         # would let the sender choose the hostname recorded in the logs.
};
# All inputs are local to this host: the kernel ring buffer (each line
# tagged "kernel: "), the /dev/log socket used by syslog(3), and syslog-ng's
# own internal messages. No network listener is defined.
# NOTE(review): /dev/log is typically writable by every local user, and the
# facility, program tag and text of a message are chosen by the sender
# (e.g. `logger -p auth.info -t sshd ...`). The content-based filters
# further down (f_ids, f_ssh) therefore operate on sender-controlled input.
source sys {
	file ("/proc/kmsg" log_prefix("kernel: "));
	unix-stream ("/dev/log");
	internal();
};
# Plain log files. No owner()/group()/perm() is given, so the daemon's
# built-in defaults decide who may read them. Auth-facility messages land
# in /var/log/messages (f_messages does not exclude auth), so those
# defaults need to keep the files non-world-readable — confirm on the
# installed build.
destination messages {
	file("/var/log/messages");
};
destination boot {
	file("/var/log/boot.log");
};
destination kernel {
	file("/var/log/kernel.log");
};
# Written to root's logged-in terminal(s); wired to emerg-level messages
# only (see the f_emergency log statement).
destination console {
	usertty("root");
};
# Unfiltered mirror of every message to virtual terminal 12 (the log
# statement using it has no filter). NOTE(review): auth and kernel
# messages are thus readable by anyone with access to the physical console.
destination console_all {
	file("/dev/tty12");
};
# syslog-ng runs /usr/sbin/ids-block and feeds every matching message to
# its standard input. The program runs with the daemon's privileges and,
# given that all sources are local but sender-controlled (see source sys),
# must treat that input as untrusted text. How ids-block parses it is not
# visible from this file; see the notes on f_ids and f_ssh.
destination ids {
	program("/usr/sbin/ids-block");
};
# Optional remote log host (disabled). NOTE(review): a bare tcp() transport
# sends every log line in cleartext and gives the receiver no way to verify
# the sender; if this is enabled, wrap it in tls() where the installed
# syslog-ng supports it, or keep the link on a trusted management network.
#destination loghost {
#	tcp("10.0.0.1" port(514));
#	};
# Facility-based filters; each selects one syslog facility.
filter f_boot {
	facility(local7);
};
filter f_cron {
	facility(cron);
};
filter f_daemon {
	facility(daemon);
};
filter f_kern {
	facility(kern);
};
# Everything except mail, news and cron — note this includes auth, so
# authentication messages are written to /var/log/messages.
filter f_messages {
	not facility(mail, news, cron);
};
# emerg is the highest syslog severity; this is the only level-based filter.
filter f_emergency {
	level(emerg);
};
# High-priority Snort alerts sent via the auth facility. Both match() calls
# are substring/regex searches (without value() they presumably apply to the
# message text under the 3.0 syntax — confirm). Any auth-facility message
# containing both strings qualifies, regardless of which process sent it.
filter f_ids {
	facility(auth)
	and match("snort")
	and match("Priority: 1");
};
# Failed root password logins. program() is a regex over the program tag
# the *sender* attached to the message, and no facility is required, so a
# local user can produce a message that passes this filter (e.g.
# `logger -t sshd "Failed password for root from <addr> ..."`). If
# ids-block extracts and blocks the "from" address it finds in the text,
# that would let such a user get an arbitrary address blocked; whether it
# does depends on ids-block, which is not visible here.
filter f_ssh {
	program("sshd.*")
	and match("Failed password for root from");
};
# Routing. No statement uses flags(final), so each message is evaluated
# against every log statement and may reach several destinations; in
# particular every message also goes to console_all.
# all but mail/news/cron -> /var/log/messages
log {
	source(sys);
	filter(f_messages);
	destination(messages);
};
# emerg-level messages -> root's terminal(s)
log {
	source(sys);
	filter(f_emergency);
	destination(console);
};
# local7 (boot-time messages) -> /var/log/boot.log
log {
	source(sys);
	filter(f_boot);
	destination(boot);
};
# unfiltered: every message -> /dev/tty12 (see the console_all note)
log {
	source(sys);
	destination(console_all);
};
# priority-1 Snort alerts -> ids-block's stdin
log {
	source(sys);
	filter(f_ids);
	destination(ids);
};
# failed root SSH passwords -> ids-block's stdin. NOTE(review): f_ssh is
# satisfiable by any local /dev/log writer; see the filter's comment.
log {
	source(sys);
	filter(f_ssh);
	destination(ids);
};
# kern facility -> /var/log/kernel.log (also still written to messages)
log {
	source(sys);
	filter(f_kern);
	destination(kernel);
};