Re: log_analysis configuration
Anne Carasik wrote:
Hi all,
I have something I've been trying to do for quite some
time--the joys of log parsing.
I have installed log_analysis, and it seems to be the
best tool to do the job. However, the man pages are
very difficult to read, and there are not any clear
examples of how to use this that I can find.
Does anyone have any configurations that work well with
log_analysis or have any tips on getting it to filter
SSH, sudo, etc.?
Hi Anne, I did write some configuration files and know what you are
talking about.
I'm sending you the whole config, which is partly the default, partly my own.
It is not very helpful indeed but might provide a starting point. Good
luck; here is the config:
config_version 0.38
add arr log_type_list=
iptables
add arr iptables_filenames=
iptables
set var iptables_date_pattern=^((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)+\s+\d{1,2})\s+\d+\:\d+\:\d+\s+
set var iptables_date_format=%b %e
logtype: iptables
pattern: tungurahua kernel: CHAIN INPUT.*SRC=($ip_pat).*DST=($ip_pat).*PROTO=(.*)
use_sprintf
format: "%-3s packet from %-15s to %-15s" , $3, $1, $2
dest: denied input from
pattern: tungurahua kernel: CHAIN OUTPUT.*SRC=($ip_pat).*DST=($ip_pat).*PROTO=(.*)
use_sprintf
format: "%-3s packet from %-15s to %-15s" , $3, $1, $2
dest: denied output to
pattern: tungurahua kernel: CHAIN FORWARD.*SRC=($ip_pat).*DST=($ip_pat).*PROTO=(.*)
use_sprintf
format: "%-3s packet from %-15s to %-15s" , $3, $1, $2
dest: denied forward
set arr priority_categories=
Mathias
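As an added illustration (not part of Mathias's config and not log_analysis code), the following Python script applies the same three chain patterns and the same format string to a few constructed iptables lines, grouping the results under the "dest:" names from the config. The hostname tungurahua is taken from the config; $ip_pat is assumed to be a plain IPv4 pattern. It also shows that the trailing PROTO=(.*) captures the rest of the line, not just the protocol name.

```python
import re

# log_analysis supplies $ip_pat itself; this IPv4 regex is an assumption.
IP_PAT = r"\d{1,3}(?:\.\d{1,3}){3}"

# One (pattern, dest) pair per "pattern:"/"dest:" stanza in the config.
RULES = [
    (re.compile(rf"tungurahua kernel: CHAIN INPUT.*SRC=({IP_PAT}).*DST=({IP_PAT}).*PROTO=(.*)"),
     "denied input from"),
    (re.compile(rf"tungurahua kernel: CHAIN OUTPUT.*SRC=({IP_PAT}).*DST=({IP_PAT}).*PROTO=(.*)"),
     "denied output to"),
    (re.compile(rf"tungurahua kernel: CHAIN FORWARD.*SRC=({IP_PAT}).*DST=({IP_PAT}).*PROTO=(.*)"),
     "denied forward"),
]

# Constructed sample lines in syslog/iptables style (not real traffic).
SAMPLE_LINES = [
    "Mar  3 10:15:02 tungurahua kernel: CHAIN INPUT IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP SPT=4321 DPT=22",
    "Mar  3 10:15:09 tungurahua kernel: CHAIN OUTPUT IN= OUT=eth0 SRC=192.168.1.10 DST=10.0.0.9 PROTO=UDP",
    "Mar  3 10:16:00 tungurahua kernel: CHAIN FORWARD IN=eth0 OUT=eth1 SRC=10.0.0.7 DST=172.16.0.3 PROTO=ICMP",
    "Mar  3 10:16:30 tungurahua sshd[1234]: Accepted publickey for anne from 10.0.0.5",
]


def classify(line):
    """Return (dest, formatted message) for a matching line, else None."""
    for regex, dest in RULES:
        m = regex.search(line)
        if m:
            src, dst, proto = m.groups()
            # Same as: format: "%-3s packet from %-15s to %-15s", $3, $1, $2
            # Note: because the pattern ends in PROTO=(.*), $3 holds everything
            # after "PROTO=", e.g. "TCP SPT=4321 DPT=22", not just "TCP".
            return dest, "%-3s packet from %-15s to %-15s" % (proto, src, dst)
    return None


def summarise(lines):
    """Group formatted messages under their dest, as log_analysis reports them."""
    report = {}
    for line in lines:
        hit = classify(line)
        if hit:
            report.setdefault(hit[0], []).append(hit[1])
    return report


if __name__ == "__main__":
    for dest, msgs in summarise(SAMPLE_LINES).items():
        print(dest)
        for msg in msgs:
            print("   ", msg)
```

Lines that match none of the three patterns (the sshd line above) fall through untouched, which is what you want before adding separate SSH and sudo stanzas.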