[syslog-ng] patterndb and intrusion prevention
Florian Schaal
mailinglist at schaal-24.de
Wed Jul 31 10:30:16 CEST 2013
On 31.07.2013 00:00, Matt Zagrabelny wrote:
> # cat /var/log/syslogblock
> 2013-07-30 16:26:42 Failed password for invalid user doug from
> 131.212.109.58 port 37867 ssh2 +131.212.109.58
> template("+${usracct.device}\n")
Are you sure that usracct.device contains only the IP?
I use syslog-ng with xt_recent without any problems:
http://blog.schaal-24.de/?p=159&lang=en
regards Florian