[syslog-ng] Create Pattern-DB rules

Justin Kala justinkala at gmail.com
Tue Sep 30 16:29:13 CEST 2014


I am trying to create a Pattern-DB for the following authorization messages
coming from the O/S.
Can you help with creating a matching rule?

Note: I do not have the PATTERN-DB parser utility. I am going to create the
db-parser.xml manually and put these rules inside the file.

2014-09-28T14:12:44-04:00 abcdef01-app/abcdef01-app sshd[11019]: [ID 800047 auth.notice] Failed password for root from port 54438 ssh2
2014-09-28T14:03:46-04:00 abcdef01-app/abcdef01-app sshd[27420]: [ID 800047 auth.notice] Failed publickey for root from port 59219 ssh2
2014-09-28T14:08:28-04:00 abcdef01-app/abcdef01-app sshd[3954]: [ID 800047 auth.notice] Failed keyboard-interactive for root from port 65410 ssh2
2014-09-28T14:10:11-04:00 abcdef01-app/abcdef01-app sshd[5222]: [ID 293258 auth.error] libsldap: Status: 49  Mesg: openConnection: simple bind failed - Invalid credentials

Thanks & Regards
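A hand-written db-parser.xml covering the four sample lines, as an added example that is not from this thread. It assumes the syslog-ng 3.x patterndb v4 schema, that syslog-ng has already split each line so that $PROGRAM is "sshd" and $MESSAGE begins at "[ID", and that the samples really carry no client address between "from" and "port" as posted (if the live messages do, put an @IPvANY:usracct.client_ip@ parser there); the ruleset and rule ids are placeholders, and the name/value pairs are my own naming. It goes slightly beyond the question by also capturing the Solaris message id and facility.level prefix.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the thread: patterndb v4 rules for the four
     sample lines. The ruleset/rule ids are placeholders; use unique values. -->
<patterndb version="4" pub_date="2014-09-30">
  <ruleset name="solaris-sshd" id="RULESET-ID-PLACEHOLDER">
    <!-- the ruleset-level pattern is matched against $PROGRAM ("sshd" in sshd[11019]) -->
    <pattern>sshd</pattern>
    <rules>
      <!-- Failed password / publickey / keyboard-interactive: the method is
           captured with ESTRING up to the next space, so one pattern covers
           all three samples. As posted, the samples show nothing between
           "from" and "port", so the literal text "from port" is matched. -->
      <rule provider="local" id="RULE-ID-PLACEHOLDER-1" class="violation">
        <patterns>
          <pattern>[ID @NUMBER:solaris.msgid@ @ESTRING:solaris.facility:.@@ESTRING:solaris.level:]@ Failed @ESTRING:auth.method: @for @ESTRING:usracct.username: @from port @NUMBER:usracct.port@ ssh2</pattern>
        </patterns>
        <tags>
          <tag>ssh.auth.failure</tag>
        </tags>
        <values>
          <value name="auth.outcome">failure</value>
          <value name="auth.service">sshd</value>
        </values>
        <examples>
          <example>
            <test_message program="sshd">[ID 800047 auth.notice] Failed password for root from port 54438 ssh2</test_message>
            <test_values>
              <test_value name="auth.method">password</test_value>
              <test_value name="usracct.username">root</test_value>
              <test_value name="usracct.port">54438</test_value>
            </test_values>
          </example>
        </examples>
      </rule>
      <!-- libsldap bind failure; patterns match literally, so the two spaces before "Mesg:" are required -->
      <rule provider="local" id="RULE-ID-PLACEHOLDER-2" class="system">
        <patterns>
          <pattern>[ID @NUMBER:solaris.msgid@ @ESTRING:solaris.facility:.@@ESTRING:solaris.level:]@ libsldap: Status: @NUMBER:ldap.status@  Mesg: @ANYSTRING:ldap.message@</pattern>
        </patterns>
        <tags>
          <tag>ldap.bind.failure</tag>
        </tags>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

The <examples> block is ignored by db-parser() at run time, but it lets anyone who does have the utility run `pdbtool test db-parser.xml` to check the pattern against the sample message.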