| author | Tero Marttila <terom@fixme.fi> |
| Fri, 04 Jan 2013 22:38:44 +0200 | |
| changeset 67 | 3324ed10c42f |
| parent 66 | 1e3a144f25c0 |
| child 76 | 60bdff4bedfb |
| permissions | -rw-r--r-- |
|
55
cbdd49b76f16
pvl.syslog.rule: refactor SyslogRule
Tero Marttila <terom@fixme.fi>
parents:
48
diff
changeset
|
1 |
[sudo] |
|
cbdd49b76f16
pvl.syslog.rule: refactor SyslogRule
Tero Marttila <terom@fixme.fi>
parents:
48
diff
changeset
|
2 |
program = sudo |
|
cbdd49b76f16
pvl.syslog.rule: refactor SyslogRule
Tero Marttila <terom@fixme.fi>
parents:
48
diff
changeset
|
3 |
|
| 66 | 4 |
[[sudo_command]] |
5 |
pattern = (?P<login>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<user>\S+) ; (?:ENV=(?P<env>.+?) ; )?COMMAND=(?P<command>.*) |
|
|
55
cbdd49b76f16
pvl.syslog.rule: refactor SyslogRule
Tero Marttila <terom@fixme.fi>
parents:
48
diff
changeset
|
6 |
format = {login}:{tty} - {user}@{host}:{pwd} - {command!r}
|
|
cbdd49b76f16
pvl.syslog.rule: refactor SyslogRule
Tero Marttila <terom@fixme.fi>
parents:
48
diff
changeset
|
7 |
|
| 66 | 8 |
[[[puppet_readshadow]]] |
|
58
64885a7c6e85
pvl.syslog.rule: fixfix, implement format
Tero Marttila <terom@fixme.fi>
parents:
55
diff
changeset
|
9 |
login = puppet |
|
64885a7c6e85
pvl.syslog.rule: fixfix, implement format
Tero Marttila <terom@fixme.fi>
parents:
55
diff
changeset
|
10 |
user = root |
|
64885a7c6e85
pvl.syslog.rule: fixfix, implement format
Tero Marttila <terom@fixme.fi>
parents:
55
diff
changeset
|
11 |
command = /usr/bin/getent shadow \w+ |
|
48
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
12 |
|
| 66 | 13 |
[[sudo_unknown]] |
14 |
format = {host} {msg}
|
|
|
48
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
15 |
|
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
16 |
[ssh] |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
17 |
program = sshd |
| 66 | 18 |
pattern = Accepted password for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+) |
|
48
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
19 |
format = SSH login for {user}@{host} from {ip}
|
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
20 |
|
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
21 |
[cron] |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
22 |
program = cron |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
23 |
|
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
24 |
[su_nobody] |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
25 |
program = su |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
26 |
pattern = Successful su for nobody by root|\+ \?\?\? root:nobody |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
27 |
|
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
28 |
[puppet] |
|
40ccb8d3c96e
pvl.verkko-syslog: syslog -> irker gateway
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
29 |
program = puppet |
| 66 | 30 |
|
31 |
[all] |
|
32 |
format = {host} {msg}
|
|
33 |