[syslog-ng] Trigger dynamic action in syslog-ng
james.r.hendrick at gmail.com
Fri Mar 8 15:49:06 UTC 2019
Great! I'll check it out and see.
On Fri, Mar 8, 2019, 6:58 AM Szemere, László <laszlo.szemere at oneidentity.com>
> I think most of the things you mentioned can be achieved with patterndb:
> Keywords: correlating messages, triggering actions, external actions
> (Mentioned in the Administration Guide) There is a collection of example
> patterns on GitHub: https://github.com/balabit/syslog-ng-patterndb/ most
> probably they will not suit your needs as is, but they are a good starting
> point. (please feel free to share your final solution as PR)
> I hope it was helpful!
> Best Regards,
> On Thu, Mar 7, 2019 at 4:55 PM Evan Rempel <erempel at uvic.ca> wrote:
>> We do this for all kinds of things.
>> - monitor mailing list subscription rates and then add firewall block
>> rules automatically for abusive users (usually spammers)
>> - monitor failed login rates to block ip access
>> - monitor failed login rates followed by successful login and lock
>> On 3/6/19 10:44 AM, Jim Hendrick wrote:
>> > I was wondering if anyone has used syslog-ng to trigger some dynamic
>> > action based on logs.
>> > For example, if a certain threshold of messages happens in a time
>> > window, send an alert. Like suppress () but more general actions.
>> > Or if a specific event happens, send *.debug from that system for 5
>> > Or run a program to collect system data and send it along based on some
>> > Not thinking SIEM functionality here, but maybe allow the log servers
>> > to be more dynamic around what actions they take for basic things.
>> > Thoughts?
>> > Thanks.
>> > Jim
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
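A patterndb ruleset sketching the threshold case Jim asked about: a burst of failed logins from one client inside a time window is correlated into one context, and a single synthetic alert message is emitted that the syslog-ng configuration can then route wherever an action should run. This is an added illustration written for this thread, not a file from the syslog-ng-patterndb repository; the rule and ruleset ids, the sshd message format, the threshold of 5 and the 60-second window are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration, not part of the syslog-ng-patterndb repository.
     Assumptions: sshd "Failed password" messages, a 60 s window, 5 hits. -->
<patterndb version="4" pub_date="2019-03-08">
  <ruleset name="sshd-auth-failures" id="ruleset-sshd-auth-failures">
    <!-- Only messages whose PROGRAM is sshd are matched against this ruleset. -->
    <pattern>sshd</pattern>
    <rules>
      <!-- One correlation context per client address, kept open for 60 s.
           context-scope="global" groups failures from every host that
           forwards to this server, not just from one sender. -->
      <rule provider="list-example" id="rule-sshd-failed-password"
            class="violation"
            context-id="ssh-fail-${client_ip}"
            context-scope="global"
            context-timeout="60">
        <patterns>
          <!-- Literal text wins over parsers in the radix tree, so the
               "invalid user" variant is matched by the second pattern. -->
          <pattern>Failed password for @ESTRING:username: @from @IPvANY:client_ip@ port @NUMBER:port@ ssh2</pattern>
          <pattern>Failed password for invalid user @ESTRING:username: @from @IPvANY:client_ip@ port @NUMBER:port@ ssh2</pattern>
        </patterns>
        <tags>
          <tag>auth-failure</tag>
        </tags>
        <actions>
          <!-- Fire once, when the 5th failure lands in the same 60 s context.
               $(context-length) is the number of messages in the context. -->
          <action trigger="match" condition='"$(context-length)" == "5"'>
            <message inherit-properties="TRUE">
              <values>
                <value name="MESSAGE">Possible brute force: ${client_ip} failed 5 logins within 60s (last user: ${username})</value>
                <value name="PROGRAM">patterndb-alert</value>
              </values>
              <tags>
                <tag>brute-force</tag>
              </tags>
            </message>
          </action>
        </actions>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

In syslog-ng.conf the ruleset is loaded with a db-parser() and the synthetic message is selected with filter { tags("brute-force"); } and sent to a program() destination, which receives it on standard input; the original sshd lines keep flowing to the normal destinations untouched.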