Hi @ll, I am new to this list and not very familiar with rsyslog, so sorry if my question was asked/answered before.

My goal is filtering Spamhaus RBL IPs from the Postfix mail log. I have already done this (on SUSE):

    mail.info -/var/log/mail.info;RSYSLOG_TraditionalFileFormat
    if $msg contains 'blocked using zen.spamhaus.org' then /var/log/spamhaus.log;RSYSLOG_TraditionalFileFormat

This works fine, but as I have a lot of spambots, fail2ban is too slow with this already filtered log, so I want to have a second or combined rsyslog rule which results in only the IP. A relevant log entry example looks like this:

    postfix/postscreen[32120]: NOQUEUE: reject: RCPT from [190.24.212.146]:57855: 550 5.7.1 Service unavailable; client [190.24.212.146] blocked using zen.spamhaus.org; from=<some...@somewhere.de>, to=<some...@somwhere.de>, proto=ESMTP, helo=<MCRISTALCRE>

The plan would be to send the IP output to e.g. a FIFO pipe and read the output via some daemon script/program to create an iptables IP reject rule with a timestamp via an ipset map, which expires automatically after 24 h. This should be as fast as possible, so does anybody have an example for filtering this?

By the way, someone speculated rsyslog may be able to do the whole job, filtering the IP and doing the ipset action in one step. Is this true? I am not that far in the docs yet.

--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
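
One way to do the reader side of the plan described in the message above, as an added example that is not part of the original post: a script that takes the filtered lines on stdin, extracts and validates the rejected IP, and adds it to an ipset set with a 24 h timeout. The set name `spamhaus`, the IPv4-only handling and the skip of private/loopback addresses are assumptions of this example; the set is assumed to exist already (for instance created with `ipset create spamhaus hash:ip timeout 86400`), and the pattern is keyed to the postscreen line format shown in the post.

```python
#!/usr/bin/env python3
"""Added example: turn postscreen zen.spamhaus.org rejects into ipset entries."""
import ipaddress
import re
import subprocess
import sys

SET_NAME = "spamhaus"   # assumption: hypothetical ipset set name
TIMEOUT = 24 * 3600     # 24 h expiry, as planned in the post

# Anchor on the text Postfix writes itself. from=/to=/helo= come later in the
# line and are chosen by the remote client, so they must not decide the match.
REJECT_RE = re.compile(
    r"reject: RCPT from \[(?P<peer>[0-9A-Fa-f.:]+)\]:\d+: .*?"
    r"client \[(?P<client>[0-9A-Fa-f.:]+)\] blocked using zen\.spamhaus\.org;"
)

def extract_ip(line):
    """Return the rejected client IPv4 address as a string, or None."""
    m = REJECT_RE.search(line)
    # The connecting peer and the rejected client must be the same address;
    # a mismatch means the "client [...]" text came from a client-chosen field.
    if not m or m.group("peer") != m.group("client"):
        return None
    try:
        ip = ipaddress.ip_address(m.group("client"))
    except ValueError:
        return None
    # Assumption: IPv4 hash:ip set only, and never block private/loopback hosts.
    if ip.version != 4 or ip.is_private or ip.is_loopback:
        return None
    return str(ip)

def ipset_argv(ip):
    """argv list (no shell involved); -exist resets the timeout on re-add."""
    return ["ipset", "add", SET_NAME, ip, "timeout", str(TIMEOUT), "-exist"]

def main():
    # stdin can be the FIFO, or `tail -F /var/log/spamhaus.log` piped in.
    for line in sys.stdin:
        ip = extract_ip(line)
        if ip:
            subprocess.run(ipset_argv(ip), check=False)

if __name__ == "__main__":
    main()
```

A single iptables rule matching the set (`-m set --match-set spamhaus src`) then covers every entry, so no per-IP iptables rule has to be created or removed.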