A little more info since you're interested:
[0:root@elmo ~]$ rpm -qi sec
Name : sec
Version : 2.7.7
Release : 0.fc22
Architecture: noarch
Install Date: Sun 09 Aug 2015 07:28:16 AM EDT
Group : System Environment/Daemons
Size : 581726
License : GPLv2+
Signature : RSA/SHA256, Wed 18 Feb 2015 12:59:17 PM EST, Key ID 11adc0948e1431d5
Source RPM : sec-2.7.7-0.fc22.src.rpm
Build Date : Wed 18 Feb 2015 08:24:45 AM EST
Build Host : buildvm-15.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://simple-evcorr.sourceforge.net/
Summary : Simple Event Correlator script to filter log file entries
Description :
SEC is a simple event correlation tool that reads lines from files, named
pipes, or standard input, and matches the lines with regular expressions,
Perl subroutines, and other patterns for recognizing input events.
Events are then correlated according to the rules in configuration files,
producing output events by executing user-specified shell commands, by
writing messages to pipes or files, etc.
One of my message configuration files (/etc/sec/dhcp.sec) that adds a DHCP lease
to an ipset to allow thru the firewall (some lines are wrapped by email):
# mail = /bin/mail instead of /usr/bin/mail for elvis
# Dec 31 11:19:28 elmo dhcpd[20260]: Host:BROTHER-MFC-J61=>BROTHER-MFC-J61 VendorId:(none) MemberOf:(none) PoolType:(none) Lease:14400 Ipv4:192.168.4.63 MAC:0:1b:a9:3d:2d:e3 --> STATIC
type=Single
ptype=RegExp
pattern=(?<server_name>\S+)\s+dhcpd\S+:\s+Host:(?<host>\S+)=\>(?<DNShost>\S+).+ Lease:(?<leaseTime>\d+).+Ipv4:(?<ipv4>(\d{1,3}\.){3}\d{1,3}).+MAC:(?<MAC>\S+)
desc=DHCP lease issued: Server:$+{server_name} Host:$+{DNShost} Ipv4:$+{ipv4} Lease:$+{leaseTime} MAC:$+{MAC}
action=shellcmd /usr/sbin/ipset -exist add DHCP4-lease $+{ipv4} timeout $+{leaseTime}
On 5/18/2016 4:46 AM, Marcin Mirosław wrote:
On 17.05.2016 at 16:14, Bill Shirley wrote:
This is more of a job for Simple Event Correlator (SEC):
https://simple-evcorr.github.io/
Hi!
I didn't know this tool. It looks like I should look at SEC more closely.
Thanks!
Marcin
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
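Added example, not part of the original post or of SEC: a Python port of the dhcp.sec rule above that checks the parsed fields before building the ipset command. The rule's regex accepts any 1-3 digit octet and any lease value, so the check is done after matching. The names ipset_argv and MAX_TIMEOUT and the one-week cap are assumptions; the sample line is the one from the rule's comment.

```python
import ipaddress
import re

# Python port of the rule's pattern: Perl (?<name>...) becomes (?P<name>...).
LEASE_RE = re.compile(
    r"(?P<server_name>\S+)\s+dhcpd\S+:\s+Host:(?P<host>\S+)=>(?P<DNShost>\S+).+"
    r" Lease:(?P<leaseTime>\d+).+Ipv4:(?P<ipv4>(\d{1,3}\.){3}\d{1,3})"
    r".+MAC:(?P<MAC>\S+)"
)

# Assumed policy cap (one week); not from the original post.
MAX_TIMEOUT = 7 * 86400

# Sample log line taken from the comment in the rule file.
SAMPLE = (
    "Dec 31 11:19:28 elmo dhcpd[20260]: Host:BROTHER-MFC-J61=>BROTHER-MFC-J61 "
    "VendorId:(none) MemberOf:(none) PoolType:(none) Lease:14400 "
    "Ipv4:192.168.4.63 MAC:0:1b:a9:3d:2d:e3 --> STATIC"
)


def ipset_argv(line, setname="DHCP4-lease", max_timeout=MAX_TIMEOUT):
    """Return the ipset argument list for a lease line, or None to skip it."""
    m = LEASE_RE.search(line)
    if m is None:
        return None
    try:
        # The regex allows octets up to 999; reject anything that is not IPv4.
        addr = ipaddress.IPv4Address(m["ipv4"])
    except ipaddress.AddressValueError:
        return None
    timeout = int(m["leaseTime"])
    # ipset treats "timeout 0" as a permanent entry, so a zero lease is refused.
    if not 0 < timeout <= max_timeout:
        return None
    # An argument list (no shell) keeps log-derived text out of shell parsing.
    return ["/usr/sbin/ipset", "-exist", "add", setname,
            str(addr), "timeout", str(timeout)]


if __name__ == "__main__":
    print(ipset_argv(SAMPLE))
```

The returned list can be handed to subprocess.run() as is, without shell=True.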