[logs] How to send an email using pipe method ?
Florent Gilain
florent.gilain at direct-energie.com
Sun Sep 30 14:55:32 PDT 2007
Hello all,
I have a little problem to setup my config file ; here are informations i
can give you about my setup, I try to monitor failed PROFTPD login attempts
:
/etc/logsurrfer/logsurfer.conf :
'^([a-zA-Z]{3} [0-9]{2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) (.*)
proftpd\[([0-9]+)\]: (.*) \(([0-9.]+)\[[0-9.]+\]\).*USER (.*) \(Login
failed\): (.*)$' - - - 0
exec "/bin/echo \"Session de PID $5 depuis l IP $7 - Login
utilise $8 le $2 a $3 - Details : $9\" | /bin/mail -s \"\[$4\] Alerte de
securite PROFTPD\" me at mycompany.com"
tail /var/log/secure :
Sep 30 23:43:58 mx1 proftpd[13081]: mx1.de.lan
(192.168.123.4[192.168.123.4]) - USER fgilain (Login failed): Incorrect
password.
cat /etc/logsurfer/logsurfer.log
warning: logsurfer started as root
Session de PID 13081 depuis l IP 192.168.123.4 - Login utilise fgilain le
Sep 30 a 23:43:58 - Details : Incorrect password.
PS : i run Logusfer like that :
[root at supervision root]# ps -edf | grep logsurf
root 25717 1 0 23:43 pts/0 00:00:00 /usr/local/bin/logsurfer -l
1855 -c /etc/logsurfer/logsurfer.conf -d /etc/logsurfer/logsurfer.dump -f -p
/etc/logsurfer/logsurfer.pid /var/log/secure
But i never receive the email..did i missed something?
Thanks a lot
Florent
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.loganalysis.org/pipermail/loganalysis/attachments/20070930/56181ec0/attachment.html
More information about the LogAnalysis
mailing list