[Logs-devel] add cl-interpol to LoGS?
From: Jim Prewett
Subject: [Logs-devel] add cl-interpol to LoGS?
Date: Wed, 13 Sep 2006 09:56:12 -0600 (MDT)

Hi all,

I'm starting to make a lot of use of Edi Weitz' excellent cl-interpol
package (you have another winner, Edi!) in my LoGS rulesets. I'm
wondering if its functionality is generally useful enough (the way that
cl-ppcre is) to warrant adding to LoGS.

I'm doing things like:

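    ;; the regexp that defines the internal network
    ;; (dots escaped so each one matches only a literal ".")
    (defvar *internal-network-ipv4-regexp* "10\\.3\\.\\d+\\.\\d+")

    ;; there is no action, so throw away internal login messages
    ;; (the pattern is kept on one line: a line break inside the string
    ;; would become part of the regexp)
    (rule named 'ignore-internal-logins-ipv4
          matching regexp
          #?"sshd\\[\\d+\\]: Accepted publickey for .* from ${*internal-network-ipv4-regexp*} port \\d+ ssh2")
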
That basically allows me to more easily share rulesets with other shops;
they can define their own *internal-network-ipv4-regexp* and use my rules.

What do you think?

Thanks,
Jim

James E. Prewett address@hidden address@hidden
Systems Team Leader LoGS: http://www.hpc.unm.edu/~download/LoGS/
Designated Security Officer OpenPGP key: pub 1024D/31816D93
HPC Systems Engineer III UNM HPC 505.277.8210
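
The sharing pattern described in the message above, as an added example that is not part of the original post or of LoGS: it calls cl-ppcre directly instead of defining a LoGS rule, assumes Quicklisp is available and the file is loaded as source, and its helper names and log lines are constructed for illustration. The interpolated value is wrapped in a non-capturing group so that a site can supply an alternation without changing the shared pattern.

```lisp
;; Added example: load as source, e.g. (load "shared-rule.lisp").
;; Assumption: Quicklisp is installed; it fetches both libraries.
(ql:quickload '(:cl-ppcre :cl-interpol) :silent t)
(cl-interpol:enable-interpol-syntax)

;; Site-specific part: each shop defines its own internal network.
(defvar *internal-network-ipv4-regexp* "10\\.3\\.\\d+\\.\\d+")

;; Shared part (hypothetical helper): the (?:...) group keeps an
;; alternation in the site value from splitting the whole pattern.
(defun internal-login-regexp ()
  "Return the shared pattern built around the site-defined network regexp."
  #?"sshd\\[\\d+\\]: Accepted publickey for .* from (?:${*internal-network-ipv4-regexp*}) port \\d+ ssh2")

;; Constructed sshd messages, not taken from a real system.
(defparameter *sample-lines*
  '("sshd[2211]: Accepted publickey for alice from 10.3.7.21 port 51234 ssh2"
    "sshd[2212]: Accepted publickey for bob from 203.0.113.9 port 40022 ssh2"
    "sshd[2213]: Accepted publickey for carol from 172.16.4.8 port 40100 ssh2"))

(defun ignored-p (line)
  "True when LINE is an internal public-key login the rule would discard."
  (and (cl-ppcre:scan (internal-login-regexp) line) t))

(defun report (label)
  "Print, for each sample line, whether the rule would discard or keep it."
  (format t "~&-- ~a~%" label)
  (dolist (line *sample-lines*)
    (format t "~:[KEEP  ~;IGNORE~] ~a~%" (ignored-p line) line)))

;; The ruleset as written for the 10.3.x.x site.
(report "site A: 10.3.x.x")

;; Another shop rebinds the variable (here with an alternation) and
;; reuses the shared pattern unchanged.
(let ((*internal-network-ipv4-regexp*
        "172\\.16\\.\\d+\\.\\d+|10\\.3\\.\\d+\\.\\d+"))
  (report "site B: 172.16.x.x or 10.3.x.x"))
```

Because the rule discards whatever it matches, each site should run its own definition against known external logins, as the report function does, before relying on it.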