Thursday, July 23, 2009

/usr/local/bin/syslog-mail.pl

#!/usr/bin/perl -n
# thanks to Brian Dowling for an example with security in mind.

$TO = 'email@dot.com';
$FROM = xSolaris;

s/^<\d{1,2}>//;

open(MAIL, "|/usr/sbin/sendmail -t");

print MAIL <<"EOT";
To: $TO
From: $FROM
Subject: Log Alert: $_

$_

EOT

close(MAIL);
Posted by at No comments:

syslog-ng config file --> mail alert for failed login

####
# ------------------>
# Syslog-ng Configuration file.
# edited: -> bukidparuparu 072309
# <------------------
#
##############################################################
source src { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };
###############################################################
# set destinations
#
destination authlog { file("/var/log/auth.log"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };

destination mail { file("/var/log/mail.log"); };
destination maillog { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };

# The root's console.
destination console { usertty("root"); };

#
# scripts that accept syslog messages and mail them out
#
destination mail-alert { program("/usr/local/bin/syslog-mail.pl"); };
destination mail-alert-perl { program("/usr/local/bin/syslog-mail.pl"); };

##########################################
# Filter Logs
#
filter f_su_failed {
match("(Failed|failed)");
};

filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_auth { facility(auth); };

filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

###############################################################
# log statements actually send logs somewhere, to a file, across the network, etc
#

log { source(src); filter(f_daemon); destination(messages); };
log { source(src); filter(f_kern); destination(messages); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(messages); };
log { source(src); filter(f_auth); destination(authlog); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_emergency); destination(console); };

# find messages with "failed" in them, and send to the mail-alert script
log {
source(src);
filter(f_su_failed);
destination(mail-alert-perl);
};
#
# find messages reporting attempted ssh logins, and send to the mail-alert script
# set it up
destination std {
file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
);
};

# log it
log {
source(src);
destination(std);
};
###############################################################
Posted by at No comments:
Subscribe to: Posts (Atom)