- Jul 22 13:55:49 server sshd[1234]: Accepted publickey for me from 12.34.56.78 port 12345 ssh2: RSA <<key signature elided>>
- Jul 22 13:55:49 server sshd[1234]: pam_unix(sshd:session): session opened for user me by (uid=0)
- [me@server ~]$ dpkg -l | grep syslog
- ii syslog-ng 3.5.3-1 all
- ii syslog-ng-core 3.5.3-1 i386
- ii syslog-ng-mod-geoip 3.5.3-1 i386
- ii syslog-ng-mod-json 3.5.3-1 i386
- ii syslog-ng-mod-mongodb 3.5.3-1 i386
- ii syslog-ng-mod-smtp 3.5.3-1 i386
- ii syslog-ng-mod-sql 3.5.3-1 i386
- [me@server ~]$ dpkg -l | grep exim
- ii exim4 4.82-3ubuntu2 all
- ii exim4-base 4.82-3ubuntu2 i386
- ii exim4-config 4.82-3ubuntu2 all
- ii exim4-daemon-light 4.82-3ubuntu2 i386
- [me@server ~]$ cat /etc/syslog-ng/conf.d/smtp_for_ssh.conf
- # Selects the messages that trigger the mail alert: the host field equals "server",
- # the message passes f_auth, and it does not pass f_cron. Both referenced filters
- # are defined outside this snippet (presumably in the main syslog-ng.conf - confirm).
- # NOTE(review): nothing here limits the match to sshd or to successful logins, so
- # presumably every message that passes f_auth (the pam_unix "session opened" line
- # included) produces a mail. If only accepted SSH logins should alert, consider
- # adding program("sshd") and message("Accepted") to the expression.
- filter f_ssh_login {
- host("server") and filter(f_auth) and not filter(f_cron);
- };
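- # Mail alert destination: hands each matching message to the MTA listening on
- # localhost:25 (exim4 is the MTA installed on this host per the dpkg output above).
- # The body() string needs its "\n" escapes: without the backslashes the paste reads
- # "$MSGn", which is parsed as a macro named MSGn rather than $MSG followed by a
- # newline, so the log text would be missing from the mail.
- # $HOST, $PROGRAM and $MSG are copied from the log message; sshd auth lines can carry
- # strings chosen by the remote side (e.g. user names), so treat the mail content as
- # untrusted text when reading or post-processing it.
- # log_fifo_size(5) keeps the output queue at five messages; in a burst of auth
- # events, alerts beyond that are likely dropped - size it for the volume expected.
- destination d_smtp {
- smtp(
- host("localhost")
- port(25)
- from("Syslog-NG Alert Service" "syslog-ng@mydomain.com")
- to("Me" "me@mydomain.com")
- subject("[ALERT] Important log message of $LEVEL condition received from $HOST/$PROGRAM!")
- body("Hi!\nThe syslog-ng alerting service detected the following important log message:\n $MSG\n-- \nSyslog-NG\n")
- log_fifo_size(5)
- );
- };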
- # Log path for the alert: messages from s_src (defined outside this snippet) that
- # pass f_ssh_login are delivered to the d_smtp mail destination.
- log {
- source(s_src);
- filter(f_ssh_login);
- destination(d_smtp);
- };
- [me@server syslog-ng]$ cat syslog-ng.conf
- @version: 3.5
- @include "scl.conf"
- @include "`scl-root`/system/tty10.conf"
- # Syslog-ng configuration file, compatible with default Debian syslogd
- # installation.
- # First, set some global options.
- # chain_hostnames(off), use_dns(no), use_fqdn(no): do not chain relay host names,
- #   do not resolve sender addresses through DNS, and use short host names.
- # flush_lines(5): lines are written to destinations in batches of five.
- # owner("root") group("adm") perm(0640): files created by syslog-ng are readable
- #   only by root and the adm group, which keeps auth logs away from other users.
- # stats_freq(0): periodic statistics messages are disabled.
- # bad_hostname("^gconfd$"): a host field matching this regex is not treated as a
- #   host name.
- options { chain_hostnames(off); flush_lines(5); use_dns(no); use_fqdn(no);
- owner("root"); group("adm"); perm(0640); stats_freq(0);
- bad_hostname("^gconfd$");
- };