I'm watching FTP logs and want to trigger an email alert when a user
logs into a particular account from a country not in a pre-defined
list. I'm hoping to use the GeoIP perl module for this.
type=Single
ptype=RegExp
pattern=(SEC_STARTUP|SEC_RESTART)
context=SEC_INTERNAL_EVENT
desc=Compile GeoIP Routines
action=eval %geoip ( sub { require Geo::IP; \
my %valid_countries = ("IN"); \
my $gi = Geo::IP->new(GEOIP_STANDARD); \
my $country = $gi->country_code_by_addr($_[0]); \
return 1 if exists $valid_countries{$country};} );
(The above seems to load correctly)
However, at this point I'm not clear how I should write my rule
definition. Should I write a RegExp rule, match on the string I'm
after (and extract the IP) then use a call action to call my function
above? Or can I use the PerlFunc action?
Thanks,
Ray
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
