This project uses the simple event correlator to display critical messages from system log-files.
It thus relies on an installation of the following software packages and performs the following reporting:
- dovecot
- DHCP leases (requires isc-dhcpd)
- openssh
On a Debian system, the /etc/default/sec configuration file is responsible for launching the simple event correlator. Its defaults have to be changed as follows:
# Defaults for sec
RUN_DAEMON="yes"
DAEMON_ARGS="-conf=/etc/sec.conf -input=/var/log/messages -input=/var/log/auth.log -input=/var/log/mail.log -pid=/var/run/sec.pid -detach -syslog=daemon"
This makes sec monitor the log files needed for the reporting listed above.
The following is the /etc/sec.conf configuration file, which holds the regex hooks whose actions post to the terminal screen.
# E-mails.
type=Single
ptype=RegExp
pattern=to=<([a-z@\.]+?)>.*status=sent \(delivered to command: \/usr\/lib\/dovecot\/deliver\)
desc=$0
action=shellcmd /bin/echo "[e-mail: $1]" | /usr/bin/bv4511ctl.pl

# Hour.
type=Calendar
time=0 */6 * * *
desc=$0
action=shellcmd /bin/echo "[UTC: "`/bin/date +%H`"]" | /usr/bin/bv4511ctl.pl

# DHCP
type=Single
ptype=RegExp
pattern=DHCPACK on ([0-9\.]+?) to .+? \((.+?)\) via
desc=$0
action=shellcmd /bin/echo -e "[DHCP: $1\n to $2]" | /usr/bin/bv4511ctl.pl

# Login.
type=Single
ptype=RegExp
pattern=Accepted password for (.+?) from
desc=$0
action=shellcmd /bin/echo "[Welcome $1!]" | /usr/bin/bv4511ctl.pl

# SSH Guard Block.
type=Single
ptype=RegExp
pattern=Blocking (.+?) for
desc=$0
action=shellcmd /bin/echo "[Block: $1]" | /usr/bin/bv4511ctl.pl

# SSH Guard Blacklist.
type=Single
ptype=RegExp
pattern=Offender '(.+?)' scored .+? blacklisted
desc=$0
action=shellcmd /bin/echo "[Black: $1]" | /usr/bin/bv4511ctl.pl
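Added example, not part of the original project: an offline dry-run of the log-matching rules above in Python over constructed sample syslog lines. It is here because every action above hands $1/$2 to a shell through shellcmd, and some of those captures come from the remote side (a DHCP client chooses its own hostname), so it is worth seeing what each rule captures and which captures carry characters a double-quoted echo cannot hold; the allowlist, the sample log formats and the omission of the Calendar rule are my assumptions.

```python
import re

# Regex hooks copied from the /etc/sec.conf above, paired with the text each
# action builds from $1/$2 (written with {0}/{1} for str.format). The Calendar
# rule is omitted: it fires on the clock, not on a log line.
RULES = [
    ("e-mail", r"to=<([a-z@\.]+?)>.*status=sent \(delivered to command: \/usr\/lib\/dovecot\/deliver\)",
     "[e-mail: {0}]"),
    ("dhcp", r"DHCPACK on ([0-9\.]+?) to .+? \((.+?)\) via", "[DHCP: {0}\n to {1}]"),
    ("login", r"Accepted password for (.+?) from", "[Welcome {0}!]"),
    ("block", r"Blocking (.+?) for", "[Block: {0}]"),
    ("blacklist", r"Offender '(.+?)' scored .+? blacklisted", "[Black: {0}]"),
]

# Assumed allowlist for text sent to the display. Anything else in a capture
# (quotes, spaces, $, backticks, ...) is exactly what the shellcmd action would
# hand to the shell unchanged, so it is replaced with '?' before use.
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9@._:-]")

def sanitize(capture):
    return UNSAFE_CHARS.sub("?", capture)

def render(line):
    """Return the display text the first matching rule would produce, or None."""
    for _name, pattern, template in RULES:
        m = re.search(pattern, line)
        if m:
            return template.format(*(sanitize(g) for g in m.groups()))
    return None

# Constructed sample syslog lines in the formats the rules expect.
SAMPLE_LOG = [
    "Mar  3 12:00:01 gw postfix/pipe[1234]: 7F3A1: to=<alice@example.org>, relay=dovecot, "
    "delay=0.1, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver)",
    "Mar  3 12:00:02 gw dhcpd: DHCPACK on 192.168.1.23 to 00:11:22:33:44:55 (laptop) via eth0",
    "Mar  3 12:00:03 gw dhcpd: DHCPACK on 192.168.1.24 to 00:11:22:33:44:66 (Bob's iPhone) via eth0",
    "Mar  3 12:00:04 gw sshd[999]: Accepted password for bob from 192.168.1.23 port 51234 ssh2",
    "Mar  3 12:00:05 gw sshguard[77]: Blocking 203.0.113.9:4 for >630secs: 40 danger in 4 attacks",
    "Mar  3 12:00:06 gw sshguard[77]: Offender '203.0.113.9:4' scored 240 danger -> blacklisted",
    "Mar  3 12:00:07 gw cron[12]: (root) CMD (run-parts /etc/cron.hourly)",
]

def run(lines=SAMPLE_LOG):
    """Dry-run the rules over the lines, as sec would over its -input files."""
    return [msg for msg in (render(line) for line in lines) if msg is not None]

if __name__ == "__main__":
    for msg in run():
        print(msg)
```

Within sec itself the equivalent precaution is to keep captures off the command line, for instance by writing the message text to /usr/bin/bv4511ctl.pl's standard input with the pipe action rather than interpolating it into an echo under shellcmd.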