[syslog-ng] pure-ftpd patterns
Peter Czanik
czanik at balabit.hu
Thu Sep 30 16:43:32 CEST 2010
Hello,
Attached are the pure-ftpd login/logout/failure patterns and the sample
file I used. Some notes:
- logouts, where username is "?" are not tagged, as these just mark that
a TCP/IP connection is teared down
- PAM messages are not tagged, as that would create duplicate messages
about the same event. The variable part of them is simply discarded with
an @ANYSTRING@
- anonymous login/logout events are tagged, username is set to
"anonymous" from "ftp"
You can check the attached pure-ftpd.pdb with the following command:
cat pure-ftpd.samples | grep -v CzP | pdbtool match -p pure-ftpd.pdb -f -
CzP lines are comments...
Please check it on your own pure-ftpd logs to see, if I missed anything!
Thanks!
Bye,
--
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pure-ftpd.pdb
Type: application/vnd.palm
Size: 8119 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100930/640cc24a/attachment.bin
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pure-ftpd.samples
Url: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100930/640cc24a/attachment.txt
More information about the syslog-ng
mailing list