Jordan Sissel
geek

Sat, 07 May 2005

More updates to logwatch

Logwatch is gradually getting sexier as I throw more ideas and time into it. This recent batch of updates added, primarily, the following:

Users can define their own patterns in logwatch.conf:

	patterns {
		clientandip = "\[client %IP%\]";
		hostname = "([\w\d-]+.)*([\w-])";
	};

This defines your own patterns in addition to the default ones. These new patterns are used the same way that default patterns are, as %clientandip% and %hostname%. A sample use of this would be:

	file "/var/log/auth.log" {
		type "failed hostname lookup" {
			match = "reverse mapping checking getaddrinfo for %hostname% failed";
			threshold = 2;
			interval = 60;
			reaction = "echo 'Someone (%hostname%) is trying to ssh with broken dns... maybe they are being naughty?'";
		};
	};

Patterns can be pretty much any regular expression Perl will support. Also, as you can see with the clientandip pattern, you can embed existing patterns in new patterns. This includes your own patterns. Recursion is limited to 10 levels by default; this may change in the future.
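The sketch below is an added example, not logwatch's own code (it is Python rather than the tool's language): it expands embedded %name% patterns with the 10-level recursion cap described above, then applies the sample "failed hostname lookup" rule to constructed log lines. The %IP% and %hostname% regexes, the function names, and the reading of threshold/interval as "N hits within M seconds" are assumptions.

```python
import re
from collections import deque

# Assumed stand-ins for logwatch's defaults and the post's user patterns.
PATTERNS = {
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",    # assumed default %IP%
    "clientandip": r"\[client %IP%\]",    # embeds %IP%, as in the post
    "hostname": r"(?:[\w-]+\.)*[\w-]+",   # assumed hostname regex
}
MAX_DEPTH = 10  # the post's default recursion limit

def expand(text, patterns, depth=0):
    """Replace %name% references, recursing into embedded patterns."""
    if depth > MAX_DEPTH:
        # A pattern that embeds itself would otherwise expand forever.
        raise ValueError("pattern recursion deeper than %d levels" % MAX_DEPTH)
    def sub(m):
        name = m.group(1)
        if name not in patterns:
            return m.group(0)  # unknown name: leave the text untouched
        return "(?:" + expand(patterns[name], patterns, depth + 1) + ")"
    return re.sub(r"%(\w+)%", sub, text)

def watch(events, match, threshold, interval, patterns=PATTERNS):
    """Return timestamps at which `threshold` hits fell within `interval` seconds."""
    rx = re.compile(expand(match, patterns))
    hits, fired = deque(), []
    for ts, line in events:
        if not rx.search(line):
            continue
        hits.append(ts)
        while hits and ts - hits[0] > interval:
            hits.popleft()          # drop hits outside the sliding window
        if len(hits) >= threshold:
            fired.append(ts)        # this is where the reaction would run
            hits.clear()
    return fired

# Constructed sample: (epoch seconds, auth.log message)
SAMPLE = [
    (0,   "reverse mapping checking getaddrinfo for bad.example.net failed"),
    (30,  "Accepted publickey for jls from 192.0.2.10 port 4022 ssh2"),
    (45,  "reverse mapping checking getaddrinfo for bad.example.net failed"),
    (200, "reverse mapping checking getaddrinfo for other.example.org failed"),
]
```

A self-referencing definition such as `loop = "x%loop%"` raises `ValueError` here instead of hanging the config loader.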

Permalink: /geekery/164
posted at: 04:50
