> -----Original Message-----
> From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Robert Schetterer
> Sent: Friday, November 25, 2011 9:01 PM
> To: rsyslog-users
> Subject: [rsyslog] mail log ip filter spamhaus rsyslog
>
> Hi @ll,
> I am new to this list
> and not very familiar with rsyslog, so sorry if my question was
> asked/answered before.
>
> My goal is filtering Spamhaus RBL IPs from the Postfix mail log.
> I have already done
> (on SUSE)
>
> mail.info -/var/log/mail.info;RSYSLOG_TraditionalFileFormat
> if $msg contains 'blocked using zen.spamhaus.org' then /var/log/spamhaus.log;RSYSLOG_TraditionalFileFormat
>
> This works fine, but as I have a lot of spambots,
> fail2ban is too slow with this already filtered log.
>
> So I want to have a second or combined rsyslog rule which results
> only in the IP.
>
> A relevant log entry example looks like this:
>
> postfix/postscreen[32120]: NOQUEUE: reject: RCPT from
> [190.24.212.146]:57855: 550 5.7.1 Service unavailable; client
> [190.24.212.146] blocked using zen.spamhaus.org;
> from=<some...@somewhere.de>, to=<some...@somwhere.de>, proto=ESMTP,
> helo=<MCRISTALCRE>
>
> The plan would be to set the IP output to, e.g., a FIFO pipe
> and read the output via some daemon script/program to create an
> iptables IP reject rule with timestamp via an ipset map, which expires
> automatically after 24 h. This should be as fast as possible.
>
> So, anybody with an example for filtering this?
>
> By the way,
> someone speculated rsyslog may be able to do the whole job,
> filtering the IP and doing the ipset action in one step. Is this true?
> I am not that far in the docs yet.

I have to admit that I do not fully understand your question. But it has been a long and busy day today ;) Could you try to describe in two or three sentences what you actually want to achieve?

rainer

> --
> Best Regards
>
> MfG Robert Schetterer
>
> Germany/Munich/Bavaria
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
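
The plan described in the quoted message (read filtered lines from a FIFO, pull out the client IP, add it to an ipset with a 24 h timeout) could look like the following. This is an added example, not code from either poster or from the rsyslog project. It assumes a set created beforehand with `ipset create spamhaus hash:ip timeout 86400` and a named pipe at `/var/run/spamhaus.fifo`; both names are hypothetical.

```python
import ipaddress
import re
import subprocess
import sys

# Constructed sample, modelled on the log entry quoted in the message above.
SAMPLE = (
    "postfix/postscreen[32120]: NOQUEUE: reject: RCPT from "
    "[190.24.212.146]:57855: 550 5.7.1 Service unavailable; client "
    "[190.24.212.146] blocked using zen.spamhaus.org; "
    "from=<a@example.org>, to=<b@example.org>, proto=ESMTP, helo=<X>"
)

# from=, to= and helo= are supplied by the remote client, so the address is
# taken from the postscreen prefix and must equal the "client [...]" copy.
REJECT = re.compile(
    r"postfix/postscreen\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\[(?P<peer>[0-9.]+)\]:\d+: .*?client \[(?P<client>[0-9.]+)\] "
    r"blocked using zen\.spamhaus\.org;"
)

def extract_ip(line):
    """Return the rejected IPv4 address, or None if the line is not trusted."""
    m = REJECT.search(line)
    if not m or m["peer"] != m["client"]:
        return None
    try:
        ip = ipaddress.IPv4Address(m["client"])
    except ipaddress.AddressValueError:
        return None
    # Design choice of this example: never ban loopback or private ranges.
    return str(ip) if ip.is_global else None

def ipset_command(ip, setname="spamhaus", timeout=86400):
    # argv list, no shell. -exist makes a repeated add refresh the timeout
    # instead of failing. The set name is a hypothetical placeholder.
    return ["ipset", "add", setname, ip, "timeout", str(timeout), "-exist"]

def main(fifo="/var/run/spamhaus.fifo"):
    # open() on a FIFO blocks until a writer appears; reopen after EOF.
    while True:
        with open(fifo) as stream:
            for line in stream:
                ip = extract_ip(line)
                if ip:
                    subprocess.run(ipset_command(ip), check=False)

if __name__ == "__main__":
    main(*sys.argv[1:2])
```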