[syslog-ng] Does syslog-ng support triggers?

jrhendri at maine.rr.com
Fri Oct 10 21:43:08 CEST 2008


You should look at something like swatch to set up triggers on X events in Y time causing something to happen.

syslog-ng is not meant to do things based on thresholds (however, if there are specific *individual* messages, you can certainly write filters and have them sent to different destinations, giving you some flexibility in scripting a basic response).


---- "Luís Miguel Silva" <lms at fe.up.pt> wrote: 
> Hello everyone,
> 
> I was wondering if syslog-ng supports triggers (based on keywords OR 
> time events).
> 
> I.e.: I want to be able to call an application if syslog-ng detects the 
> same log message came from the same host x times in y minutes.
> 
> We are suffering a lot of attacks against our webmail servers and would 
> like to use this to try and trigger an alarm
> against brute force connections.
> 
> Thanks in advance,
> 
> -- 
> Luís Miguel Ferreira da Silva
> Qualidade e Segurança
> CICA - FEUP
> GSM: +351 912671471
> 
> 
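
The "same message from the same host x times in y minutes" check asked about above, as an added example that is not part of the original thread and is not syslog-ng or swatch code. It assumes a constructed line format of `<ISO timestamp> <host> <message>`; the function name, sample lines, and threshold values are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (not from the thread): "<ISO time> <host> <message>"
SAMPLE_LOG = """\
2008-10-10T21:40:00 webmail1 imapd: LOGIN FAILED from 192.0.2.10
2008-10-10T21:40:20 webmail1 imapd: LOGIN FAILED from 192.0.2.10
2008-10-10T21:40:30 webmail2 imapd: LOGIN FAILED from 192.0.2.10
2008-10-10T21:40:45 webmail1 imapd: LOGIN FAILED from 192.0.2.10
2008-10-10T21:50:00 webmail2 imapd: LOGIN FAILED from 192.0.2.10
2008-10-10T21:58:00 webmail2 imapd: LOGIN FAILED from 192.0.2.10
2008-10-10T22:06:00 webmail2 imapd: LOGIN FAILED from 192.0.2.10
"""


def find_bursts(lines, threshold, window):
    """Return (time, host, message) each time the same message from the same
    host has been seen `threshold` times within `window` (a timedelta)."""
    seen = defaultdict(deque)  # (host, message) -> timestamps inside the window
    alerts = []
    for line in lines:
        parts = line.strip().split(" ", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines without a parseable timestamp
        host, message = parts[1], parts[2]
        times = seen[(host, message)]
        times.append(when)
        # Expire events that have fallen out of the sliding window.
        while times and when - times[0] >= window:
            times.popleft()
        if len(times) >= threshold:
            alerts.append((when, host, message))
            times.clear()  # re-arm: alert once per burst, not on every line
    return alerts


if __name__ == "__main__":
    # x = 3 occurrences in y = 5 minutes; both values are arbitrary.
    for when, host, msg in find_bursts(SAMPLE_LOG.splitlines(), 3, timedelta(minutes=5)):
        print(f"ALERT {when.isoformat()} {host}: {msg!r} seen 3 times in 5 minutes")
```

Messages are matched on exact text, so lines that differ only in a user name or port would need normalizing before they count as "the same message".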


