etc/syslog.conf
author Tero Marttila <terom@paivola.fi>
Fri, 11 Jan 2013 17:23:49 +0200
pvl.verkko-syslog: fix pvl.irk name, ignore non-text apply's
#irk     = irc://irc-test/test

# TODO: implement meta-attrs across the rule tree to classify hosts?
#[tag]
#    [[puppetmaster]]
#        host    = guru
#
#    [[auth-high]]
#        host    = guru

# auth on normal hosts
# Rule tree for the `auth` facility (configobj-style nested sections). Each
# [[subsection]] is a rule: `program` selects the syslog program tag,
# `pattern` is a regex with named groups, and `format` renders the captured
# groups plus {host}/{msg}. A rule whose `format` is empty drops the message;
# it is written here as `format = # ignore`, which only yields an empty value
# if the parser strips `# ignore` as an inline comment.
# NOTE(review): confirm that inline-comment handling, or write `format =` with
# the comment on its own line so the "ignore" intent does not depend on it.
[auth]
    facility    = auth

    # sudo command log lines: who ran what, from which tty/cwd, as which user
    [[sudo]]
    program     = sudo
    pattern     = (?P<login>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<user>\S+) ; (?:ENV=(?P<env>.+?) ; )?COMMAND=(?P<command>.*)
    # {command!r} — presumably Python str.format repr conversion, so quotes and
    # control characters in the command stay visible; confirm against the
    # formatter.
    format      = {login}:{tty} - {user}@{host}:{pwd} - {command!r}
    
    # ignore puppet readshadow on puppetmasters
    # Nested rule narrowing [[sudo]] by its captured groups: login, user and
    # command are presumably matched as regexes against the group of the same
    # name (the \w+ suggests so — confirm). No `host` key restricts it, so
    # nothing here limits the suppression to puppetmaster hosts; see the TODO
    # on host classification at the top of the file.
    # NOTE(review): a rule that hides shadow reads from the audit trail should
    # match the exact getent invocation only — confirm the command regex is
    # anchored at both ends by the matcher and not just at the start.
    [[[puppet_readshadow]]]
    login       = puppet
    user        = root
    command     = /usr/bin/getent shadow \w+
    format      = # ignore

    # sudo lines carrying an ENV=... component: include it in the output
    # (note: {env} and {command!r} are concatenated with no separator)
    [[[env]]]
    env         = .+
    format      = {login}:{tty} - {user}@{host}:{pwd} - {env}{command!r}

    # sudo lines that do not match the [[sudo]] pattern: forward the raw
    # message instead of dropping it (presumably evaluated after [[sudo]] in
    # file order — confirm the rule-tree ordering semantics).
    [[sudo-unknown]]
    program     = sudo
    format      = {host} {msg}
    
# auth on high-sec hosts
# NOTE(review): `host = .+` matches every hostname, so despite the comment
# this section currently applies to all hosts; the TODO at the top of the
# file about classifying hosts is the intended fix. Whether a message that
# matches here is also processed by [auth] depends on the rule-tree
# semantics — confirm.
[auth-high]
    host        = .+
    facility    = auth
    
    # TODO: pubkey, failures?
    # successful password logins only; publickey logins and failed attempts
    # do not match this pattern and presumably reach [[all]] below instead.
    [[ssh]]
    program     = sshd
    pattern     = Accepted password for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)
    format      = SSH login for {user}@{host} from {ip}

    # drop every auth message from cron: there is no `pattern`, so this
    # suppresses all of them, not only routine session noise
    [[cron]]
    program     = cron
    format      = # ignore

    # drop root's su to nobody; the second alternative is the
    # `+ ??? root:nobody` spelling of the same event
    [[su_nobody]]
    program     = su
    pattern     = Successful su for nobody by root|\+ \?\?\? root:nobody
    format      = # ignore

    # catch-all: forward anything not matched by the rules above verbatim
    # (presumably depends on being the last rule in this section — keep it
    # last; confirm ordering semantics)
    [[all]]
    format      = {host} {msg}

# user
# Rules for the `user` facility: only puppet messages are forwarded.
# NOTE(review): unlike [auth-high] there is no catch-all here, so other
# `user`-facility messages are presumably not forwarded — confirm intended.
[user]
    facility    = user

    # forward puppet output verbatim
    [[puppet]]
    program     = puppet
    format      = {host} {msg}