On Tue, Sep 21, 2004 at 01:45:46PM +0100, Steve Kemp wrote:
> On Sun, 19 Sep 2004, martin f krafft wrote:
>
> > > If you ask me, logcheck should learn how to evaluate log messages in
> > > their context...
>
> If you want to have instant alerts of problems then logcheck is
> what you want. If you want to ignore some things and still receive timely
> alerts then you're looking at something which can read your mind!
>
> If you can define what it is you don't want to see then logcheck
> can handle that via the pattern files in logcheck's ignore.d/ hierarchy.
Not if the pattern you want to ignore is more than one line. egrep is
purely line-by-line.

This worm (or script-kiddie zombie?) always tries root, admin, then test,
... If it ever starts trying account names that actually exist, and aren't
blocked from logging in entirely, I might see if I can get something to use
iptables to block that IP for 15 minutes after seeing that sequence, since
it's a perfect signal that it's a bogus attack, and that it will try a bunch
of logins right away, then never come back.

Has anyone logged the passwords these attacks try?

--
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack my
 day so wretchedly into small pieces!" -- Plautus, 200 BC
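An added example, not code from this thread or from logcheck, of the stateful multi-line check Peter describes and egrep's line-by-line patterns cannot express: it walks sshd failure lines per source IP, flags a source that tries root, admin, test in that order within a short window, and records a 15-minute block-until time for it. The log format, hostname, year, and the 192.0.2.x/198.51.100.x addresses are constructed for the sample; the block decision is returned rather than handed to iptables.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

PROBE_SEQUENCE = ("root", "admin", "test")   # the order Peter reports seeing
WINDOW = timedelta(minutes=2)                # all three probes must land within this span
BLOCK_FOR = timedelta(minutes=15)            # the 15-minute block suggested in the post
# Syslog-style sshd failure lines (constructed); the year is assumed, syslog omits it.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Illegal user |Failed password for (?:illegal user )?)"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse(line):
    """Return (timestamp, user, ip) for an sshd failure line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=2004)
    return ts, m.group("user"), m.group("ip")

def find_probe_sequences(lines):
    """One pass over the log: {ip: block_until} for each source that tried root, admin,
    test in that order within WINDOW. Repeated guesses against one user collapse to a step."""
    history = defaultdict(list)   # ip -> [(ts, user)] with consecutive repeats dropped
    blocked = {}
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, user, ip = parsed
        steps = history[ip]
        if steps and steps[-1][1] == user:
            continue                      # same user again: another password guess
        steps.append((ts, user))
        tail = steps[-len(PROBE_SEQUENCE):]
        if (ip not in blocked and tuple(u for _, u in tail) == PROBE_SEQUENCE
                and ts - tail[0][0] <= WINDOW):
            blocked[ip] = ts + BLOCK_FOR  # decision only; feeding iptables is the caller's job
    return blocked

# Constructed sample: one scanner walks the sequence, one real user logs in normally.
SAMPLE_LOG = """\
Sep 21 13:45:46 gw sshd[4221]: Failed password for root from 192.0.2.10 port 40122 ssh2
Sep 21 13:45:47 gw sshd[4221]: Failed password for root from 192.0.2.10 port 40122 ssh2
Sep 21 13:45:49 gw sshd[4223]: Illegal user admin from 192.0.2.10
Sep 21 13:45:52 gw sshd[4225]: Failed password for illegal user test from 192.0.2.10 port 40140 ssh2
Sep 21 13:46:08 gw sshd[4227]: Accepted password for peter from 198.51.100.7 port 51002 ssh2
""".splitlines()
```

Running `find_probe_sequences(SAMPLE_LOG)` yields the scanner's address with a block-until time 15 minutes after its `test` attempt; the same three users out of order, or spread over more than WINDOW, produce no entry.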