[syslog-ng] Does syslog-ng support triggers?

Luís Miguel Silva lms at fe.up.pt
Sat Oct 11 01:15:16 CEST 2008


Hello,

I know there are other options, I just wanted to know if syslog-ng also 
did that! ;o)

Thank you for your help!
Luís Silva

jrhendri at maine.rr.com wrote:
> You should look at something like swatch to set up triggers on X events in Y time causing something to happen.
>
> syslog-ng is not meant to do things based on thresholds (however, if there are specific *individual* messages, you can certainly write filters and have them sent to different destinations, giving you some flexibility in scripting a basic response).
>
>
> ---- "Luís Miguel Silva" <lms at fe.up.pt> wrote: 
>   
>> Hello everyone,
>>
>> I was wondering if syslog-ng supports triggers (based on keywords OR 
>> time events).
>>
>> I.e., I want to be able to call an application if syslog-ng detects the 
>> same log message came from the same host x times in y minutes.
>>
>> We are suffering a lot of attacks against our webmail servers and would 
>> like to use this to try and trigger an alarm
>> against brute force connections.
>>
>> Thanks in advance,
>>
>> -- 
>> Luís Miguel Ferreira da Silva
>> Qualidade e Segurança
>> CICA - FEUP
>> GSM: +351 912671471
>>


-- 
Luís Miguel Ferreira da Silva
Qualidade e Segurança
CICA - FEUP
GSM: +351 912671471
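
Added example, not part of the original thread and not syslog-ng or swatch code: a sliding-window counter for the "same message from the same host x times in y minutes" trigger asked about above, written as a script that a log destination could feed line by line. It assumes each input line is "epoch-seconds host message"; that line format, the class and function names, and the sample lines are all constructed for illustration.

```python
import sys
from collections import defaultdict, deque

class ThresholdTrigger:
    """Fire when the same (host, key) is seen `limit` times within `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # (host, key) -> timestamps of recent events

    def observe(self, host, key, ts):
        q = self.seen[(host, key)]
        q.append(ts)
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            q.clear()                    # re-arm, so one burst raises one alarm
            return True
        return False

def scan(lines, limit, window):
    """Return (ts, host, msg) for every line that completes a burst."""
    trigger = ThresholdTrigger(limit, window)
    alerts = []
    for line in lines:
        parts = line.rstrip("\n").split(" ", 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue                     # skip malformed input instead of crashing
        ts, host, msg = int(parts[0]), parts[1], parts[2]
        if trigger.observe(host, msg, ts):
            alerts.append((ts, host, msg))
    return alerts

# Constructed sample input, not taken from any real server.
SAMPLE = [
    "1223680000 webmail1 login failed",
    "1223680020 webmail1 login failed",
    "1223680030 webmail2 login failed",
    "1223680050 webmail1 login failed",
    "1223680900 webmail1 login failed",
]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for ts, host, msg in scan(source, limit=3, window=60):
        print(f"ALERT {host}: {msg!r} seen 3 times within 60s (at {ts})")
```

The per-key queues are never discarded, so a long-running deployment would need to expire keys that have gone idle.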


