<?xml version="1.0" standalone="no" ?>
<!-- Rule set for the timbersee log watcher. Each <log> names a file to
     follow and holds the rules applied to every new line of that file.
     From the rule names and the comments below: <ignore> drops a matching
     line, <onmatch> groups rules that apply only when its pattern hits,
     <last/> stops processing of the current line, and <echo>, <bell>,
     <waitfor> and <mailto> are reporting actions. Patterns are Perl-style
     regular expressions (see the note on (?: ) below).
     NOTE(review): the fall-through semantics are inferred from the
     comments in this file; confirm against the DTD or manual. -->
<!-- The DTD is loaded from a fixed local path (standalone="no" is
     consistent with that). Since the config is parsed with DTD
     processing enabled, this file and the DTD should be writable only
     by the administrator. -->
<!DOCTYPE config SYSTEM "/usr/local/share/timbersee/timbersee.dtd">
<config>
  <log file="/var/log/messages">
    <!-- ignore messages from our chatty dhcp server -->
    <ignore re="\bdhcpd: DHCP\w+" />

    <!-- syslog's own duplicate-suppression marker -->
    <ignore re=" last message repeated \d+ times" />

    <onmatch re="\bsshd\(pam_unix\)\[\d+\]: ">
      <!-- don't report messages of me logging in. -->
      <!-- note use of (?: ) instead of regular parentheses
           for grouping. This is a perl optimization, but
           plain parentheses would have also worked. -->
      <ignore re="session (?:opened|closed) for user thumper\b" />
      <ignore re="session (?:opened|closed) for user mrtg\b" />
      <!-- allow fall-through to echo -->
    </onmatch>

    <!-- NOTE(review): "session opened for user thumper" is already
         ignored inside the sshd(pam_unix) block above, so this rule
         looks redundant (and the "session closed" counterpart is not
         repeated here). Confirm whether an <ignore> inside <onmatch>
         ends processing for the line, as the comment above suggests. -->
    <ignore re="\bsshd\(pam_unix\)\[\d+\]: session opened for user thumper\b" />
    <!-- kernel notices about an interface entering promiscuous mode
         (typically a packet sniffer): ring the bell, highlight, and
         stop processing this line -->
    <onmatch re="\bpromiscuous\b">
      <bell/>
      <echo mode="bold"/>
      <last/>
    </onmatch>
    <!-- failures reported by named (BIND) get the same loud treatment -->
    <onmatch re="\bnamed\b.*\bfailure\b">
      <bell/>
      <echo mode="bold"/>
      <last/>
    </onmatch>

    <!-- echo anything that got this far to the screen -->
    <echo/>
  </log>
  <log file="/var/log/secure">
    <!-- my own successful password logins from localhost or the 192.168
         LAN are routine. Note this hides every accepted login for this
         account from those ranges, not only mine; 192\.168\. is a prefix
         match, so any 192.168.x.x source qualifies. -->
    <ignore re="\bsshd\[\d+\]: Accepted password for thumper from (127\.0\.0\.1|192\.168\.)" />
    <!-- failed password attempts: presumably a single miss stays quiet
         and the second within 60 seconds is shown in red (likely
         guessing). <last/> keeps these lines from reaching the
         echo/mailto below. -->
    <onmatch re="sshd\[\d+\]: Failed password for\b">
      <waitfor count="2" timeout="60">
        <echo mode="red" />
      </waitfor>
      <last/>
    </onmatch>

    <!-- echo anything that got this far to the screen -->
    <echo mode="bold"/>
    <!-- but also email it, since it could be important! -->
    <!-- NOTE(review): this mails one message per line that reaches it,
         with no rate limit; a burst of unexpected auth noise becomes a
         burst of mail. -->
    <mailto subject="log: /var/log/secure" recipients="thumper@alumni.caltech.edu" />
  </log>
  <log file="/var/log/cron">
    <!-- routine hourly housekeeping jobs -->
    <ignore re="/sbin/rmmod -as" />
    <ignore re="run-parts /etc/cron\.hourly" />
    <echo mode="bold"/>
  </log>
  <log file="/var/log/boot.log">
    <echo mode="bold"/>
  </log>
  <log file="/var/log/dmesg" >
    <echo mode="reset"/>
  </log>
  <log file="/var/log/maillog">
    <!-- POP3 sessions for user deb from the 192.168.0.x LAN are normal -->
    <ignore re="\bipop3d\[\d+\]: pop3 service init from 192\.168\.0\." />
    <ignore re="\bipop3d\[\d+\]: Login user=deb .* \[192\.168\.0\.\d+\]" />
    <ignore re="\bipop3d\[\d+\]: Logout user=deb .* \[192\.168\.0\.\d+\]" />
    <!-- sendmail's per-message from= and to= bookkeeping lines -->
    <ignore re="\bsendmail\[\d+\]: \w+: from=" />
    <ignore re="\bsendmail\[\d+\]: \w+: to=" />
    <echo mode="reset"/>
  </log>
  <log file="/var/log/httpd/error_log">
    <!-- 404s for cmd.exe are automated probes aimed at IIS; harmless to
         Apache but noisy. favicon.ico misses are ordinary browser
         behaviour. -->
    <ignore re="\bFile does not exist: .*/cmd\.exe" />
    <ignore re="\bFile does not exist: .*/favicon\.ico" />
    <echo mode="reset"/>
  </log>
</config>