[syslog-ng] one more sshd rule
Peter Czanik
czanik at balabit.hu
Thu Sep 23 14:11:54 CEST 2010
Hello,
While checking my logs with pdbtool, I ran into this log message:
Sep 23 13:10:03 linux-6y8u sshd[21420]: error: PAM: Authentication failure for root from 192.168.2.52
The attached rule seems to find it correctly:
HOST=linux-6y8u
MESSAGE=error: PAM: Authentication failure for root from 192.168.2.52
PROGRAM=sshd
PID=21420
LEGACY_MSGHDR=sshd[21420]:
.classifier.class=system
.classifier.rule_id=55ec76e0-c709-11df-b62d-000c298c9ba2
usracct.username=root
usracct.device=192.168.2.52
usracct.type=login
usracct.sessionid=21420
usracct.application=sshd
secevt.verdict=REJECT
Bye,
--
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sshd_czp.txt
Url: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100923/aebe19ec/attachment.txt
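
What a rule of this kind does with the quoted line, as an added Python sketch; it is not the attached sshd_czp.txt rule and not syslog-ng code. The pattern string, the regex translation of the @ESTRING@/@IPv4@/@ANYSTRING@ parsers, and all function names are assumptions chosen to reproduce the values in the pdbtool output in the post.

```python
import re

# Assumed pattern: the attachment is not shown, so this is only one pattern
# that would produce the values in the pdbtool output in the post.
PATTERN = ("error: PAM: Authentication failure for "
           "@ESTRING:usracct.username: @from @IPv4:usracct.device@")
# Values added on a match; "$NAME" copies a field parsed from the header.
VALUES = {"usracct.type": "login", "usracct.sessionid": "$PID",
          "usracct.application": "$PROGRAM", "secevt.verdict": "REJECT"}
# BSD-syslog header: timestamp, host, program[pid]: message
HEADER = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<HOST>\S+) "
                    r"(?P<PROGRAM>[^\[:\s]+)(?:\[(?P<PID>\d+)\])?: (?P<MESSAGE>.*)$")
PARSER = re.compile(r"@(ESTRING|IPv4|ANYSTRING):([^:@]+)(?::([^@]*))?@")
# The log line quoted in the post.
SAMPLE = ("Sep 23 13:10:03 linux-6y8u sshd[21420]: error: PAM: "
          "Authentication failure for root from 192.168.2.52")


def compile_pattern(pattern):
    """Turn literal text plus @PARSER:name[:delimiter]@ fields into a regex."""
    parts, regex, names = PARSER.split(pattern), "", []
    for i in range(0, len(parts), 4):
        regex += re.escape(parts[i])            # literal text between fields
        if i + 1 == len(parts):
            break
        kind, name, delim = parts[i + 1:i + 4]
        names.append(name)
        if kind == "ESTRING":                   # text up to the delimiter
            d = re.escape(delim)
            regex += "((?:(?!%s).)*)%s" % (d, d)
        elif kind == "IPv4":
            regex += r"((?:\d{1,3}\.){3}\d{1,3})"
        else:                                   # ANYSTRING: rest of the message
            regex += "(.*)"
    return re.compile(regex), names


def classify(line):
    """Return the name-value pairs for a matching sshd line, else None."""
    hdr = HEADER.match(line)
    if not hdr or hdr["PROGRAM"] != "sshd":
        return None
    regex, names = compile_pattern(PATTERN)
    m = regex.fullmatch(hdr["MESSAGE"])         # this sketch requires a full match
    if not m:
        return None
    out = {k: v for k, v in hdr.groupdict().items() if v is not None}
    out.update(zip(names, m.groups()))
    for name, value in VALUES.items():
        out[name] = out.get(value[1:], "") if value.startswith("$") else value
    return out
```

Calling `classify(SAMPLE)` returns the same usracct.* and secevt.verdict pairs pdbtool printed; lines from another program, or sshd lines with different wording, return None.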