On Tue, 2006-11-14 at 08:33 -0600, Michael Schurter wrote:
> On Mon, 2006-11-13 at 17:48 -0500, Ben Timby wrote:
> > Easiest way is likely to configure syslog-ng with a destination of type: 
> > unix-stream for your firewalls events.
> 
> There seems to be a problem with my syslog-ng configuration as it's
> telling me: Connection failed; error='Connection refused (111)',
> reconnect='10'
> 
> Relevant syslog-ng.conf lines:
> 
> destination df_firewall { unix-stream("/var/log/firewall-stream"); };

I did something similar and there's no need for UnixStream or anything
like that. Just:

        destination df_firewall { pipe("/dev/firewall-fifo"); };

And then open /dev/firewall-fifo as you would open any other file:

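// Needs: using System.IO; using System.Text;
using (StreamReader reader = new StreamReader (File.OpenRead (args [0]), Encoding.ASCII)) {
        string line;
        // ReadLine () returns null at EOF, i.e. when the writer closes the pipe
        while ((line = reader.ReadLine ()) != null) {
                if (line.IndexOf ("sshd") != -1)
                        ProcessLine (line);
        }
}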


Adjust the encoding to your needs.

If the syslog daemon is killed, you might get a read error or an EOF in
the form of a null line read. In that case, once this loop exits, start
it over.

I was using something like this to block IPs that tried to access ssh
with dictionary attacks.

-Gonzalo

