


# SEC (Simple Event Correlator) rules for snortsam log lines; each block of
# key=value lines separated by a blank line is one rule.  alerts@yourdomain.com
# looks like a placeholder address to be replaced at deployment.
#
# Socket bind failure: mail the alert immediately.  $1 (the reporting host) is
# the only capture that ends up on the shell command line (-s "... on $1") and
# the pattern limits it to [A-Za-z0-9._-], so it cannot carry shell
# metacharacters; the free-text (.*) capture only appears in the quoted text
# that pipe feeds to the command's stdin.  Keep that character class tight if
# the pattern is ever changed.  %s expands to desc, i.e. the whole line ($0).
# The trailing "." in the pattern is unescaped and so matches any character.
type=single
ptype=regexp
pattern=([A-Za-z0-9._-]+) root: (.*) snortsam, Error: Could not bind socket.
desc = $0
action=pipe '$1 Snortsam Bind Failed -- NEEDS ATTENTION!: %s' /usr/bin/mail -s "Snortsam Bind Failure: NEEDS ATTENTION on $1" alerts@yourdomain.com


# Mail-server banner timeout: not mailed directly (mail is what just failed);
# the line is queued into the SNORTSAM_REPORT context and sent by the hourly
# Calendar rule at the end of this file.  Groups: $1 host, $2 text after
# "root:", $3 the mail server named in the message.
type=single
ptype=regexp
pattern=([A-Za-z0-9._-]+) root: (.*), email, Error: \[email\] Did not receive a response waiting for banner on mail server at (.*)
desc = $0
action=add SNORTSAM_REPORT $1 Couldn't email through $3 : %s

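# Block extension: queued into SNORTSAM_REPORT for the hourly report.
# Groups: $1 reporting host, $2 blocked host, $3 duration.
# Fixes: the pattern only has three capture groups but the action referred to
# $3 and $4, so the report line lacked the blocked host and $4 had nothing to
# refer to; the references are now $2/$3.  The blocked-host class was written
# [A-z...], a range that also spans the characters between Z and a ([ \ ] ^ _ `);
# it is now [A-Za-z...], which still matches any hostname or IP address.
# NOTE(review): the sibling rules expect "root: (.*) snortsam," between the
# host and the message; if this log line carries that prefix too, add it to
# the pattern and shift the references back to $3/$4 — confirm against a real
# log line.
type=single
ptype=regexp
pattern=([A-Za-z0-9._-]+) snortsam, Extending block for host ([A-Za-z._0-9-]*) completely for (.*)
desc = $0
action=add SNORTSAM_REPORT $1 Extending Block for $2 for $3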


#type=single
#ptype=regexp
#pattern=([A-Za-z0-9._-]+)snortsam\[([0-9]+)\]: [*], [:0-9]+, -, ipf, (.*) Failed
#desc = Snortsam ipf error
#action=pipe '$1 Snortsam IPF Command Failed' /usr/bin/mail -s "%s" alerts@yourdomain.com
##action=add SNORTSAM_REPORT ERROR $1 IPF Command Failure: $2


# Snortsam startup: informational, queued into SNORTSAM_REPORT rather than
# mailed.  Groups: $1 reporting host, $2 text after "root:".  The trailing "."
# in the pattern is unescaped and matches any character.
type=single
ptype=regexp
pattern=([A-Za-z0-9._-]+) root: (.*) snortsam, Starting to listen for Snort alerts.
desc = $0
action=add SNORTSAM_REPORT $1 Snortsam Startup: %s


#type=single
#ptype=regexp
#pattern=([A-Za-z0-9._-]+) root: (.*) snortsam, Removing (.*) complete block for host (.*).
#desc = $0
#action=add SNORTSAM_REPORT $1 Snortsam Removing Block: %s

#type=single
#ptype=regexp
#pattern=([A-Za-z0-9._-]+) root: (.*) snortsam, Blocking host (.*) completely for (.*) \((Sig_ID: \d+\))\.
#desc = $0
#action=add SNORTSAM_REPORT $1 Snortsam Block: %s


# ipf command failure: mailed immediately.  Groups: $1 reporting host, $2 text
# after "root:", $3 the failed command.  Only $1 reaches the shell command line
# (the -s subject) and it is limited to [A-Za-z0-9._-] by the pattern; $2 and
# $3 are unrestricted (.*) captures and are kept inside the quoted text that
# pipe writes to the command's stdin.  Do not move them into the command part.
# $1 appears twice in the piped text; that is redundant but harmless.
type=single
ptype=regexp
pattern=([A-Za-z0-9._-]+) root: (.*) ipf, Error: Command (.*) Failed
desc = $0
action=pipe '$1 Snortsam IPF Command Failed: $1 $2 $3' /usr/bin/mail -s "Snortsam IPF Command Failed on $1" alerts@yourdomain.com

# Station password mismatch: mailed immediately, since repeated resyncs point
# at a misconfigured or unexpected sensor.  Only $1 (limited to [A-Za-z0-9._-])
# is used on the command line; the station name is matched by ".*" and not
# captured.  The trailing "." in the pattern is unescaped.
type=single
ptype=regexp
pattern=([A-Za-z0-9._-]+) root: (.*) snortsam, Snortsam Station .* using wrong password, trying to resync.
desc = $0
action=pipe '$1 Snortsam Password Failure: $1' /usr/bin/mail -s "Snortsam Password Failure on $1" alerts@yourdomain.com

#Send hourly snortsam report

# Hourly (minute 0 of every hour, cron-style time field): report feeds the
# event store of the SNORTSAM_REPORT context to the mail command, then delete
# drops the context so the next hour starts empty.  If the context does not
# exist nothing is sent.  The subject is a fixed string, so no log content
# reaches the command line here; ";" separates the two actions and the
# trailing "\" continues the action onto the next line.
type=Calendar
time=0 * * * *
desc=Sending snortsam report...
action=report SNORTSAM_REPORT \
       /usr/bin/mail -s 'SNORTSAM report' alerts@yourdomain.com; \
       delete SNORTSAM_REPORT