Anne Carasik wrote:
> Hi all,
>
> I have something I've been trying to do with quite some
> time--the joys of log parsing.
>
> I have installed log_analysis, and it seems to be the
> best tool to do the job. However, the man pages are
> very difficult to read, and there are not any clear
> examples of how to use this that I can find.
>
> Does anyone have any configurations that work well with
> log_analysis or have any tips on getting it to filter
> SSH, sudo, etc..?
>
Hi Anne, I did write some configuration files and know what you are
talking about.
I send you the whole config, which is partly the default, partly my own.
It is not very helpful indeed but might provide a starting point. Good
luck, here is the config
config_version 0.38
add arr log_type_list=
iptables
add arr log_type_list=
iptables
add arr iptables_filenames=
iptables
set var iptables_date_pattern=^((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oc
t|Nov|Dec)+\s+\d{1,2})\s+\d+\:\d+\:\d+\s+
set var iptables_date_format=%b %e
logtype: iptables
pattern: tungurahua kernel: CHAIN INPUT.*SRC=($ip_pat).*DST=($ip_pat).*PR
OTO=(.*)
use_sprintf
format: "%-3s packet from %-15s to %-15s" , $3, $1, $2
dest: denied input from
pattern: tungurahua kernel: CHAIN OUTPUT.*SRC=($ip_pat).*DST=($ip_pat).*P
ROTO=(.*)
use_sprintf
format: "%-3s packet from %-15s to %-15s" , $3, $1, $2
dest: denied output to
pattern: tungurahua kernel: CHAIN FORWARD.*SRC=($ip_pat).*DST=($ip_pat).*
PROTO=(.*)
use_sprintf
format: "%-3s packet from %-15s to %-15s" , $3, $1, $2
dest: denied forward
set arr priority_categories=
Mathias
> TIA,
>
> -Anne
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
