Unix Rule Syntax for Log Monitoring

Rules Format: alert_level;path_to_logfile;target_regex;threshold_number;comment_or_description

| Field | Example Values | Notes |
| --- | --- | --- |
| alert_level | red, yellow | The level of alert that will be generated when the number of matching log entries reaches or passes threshold_number. |
| path_to_logfile | /var/log/messages | The path to the logfile that should be monitored. |
| target_regex | INVALID LOGIN | The string or simple regular expression that will match the log entries you wish to monitor. |
| threshold_number | 1 | If the number of matches in the logfile reaches or passes this number, the specified alert_level will be generated. |
| comment_or_description | Too many invalid logins | Optional comment or description that will appear if this alert is triggered. |
Note:
Once a rule has been processed, [INODE=#][PREV_MATCHES=#] is appended to it.
Leave this in place: these values are what stop PureSecure from notifying
you more than once about the same matches.
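As an added illustration of the format (not PureSecure's own code), the following Python reads rule lines in the five-field syntax above, counts matches against a few constructed sample log lines, and carries the [INODE=#][PREV_MATCHES=#] state between passes. The meaning given to those two values here (matches already counted in PREV_MATCHES are not reported again, and a changed inode means the log was rotated so the old count is discarded) is an assumption consistent with the note above, not documented PureSecure behaviour; the function names, inode numbers and log lines are all made up for the example.

```python
import re
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Added example, not PureSecure's code. Parses and evaluates rules in the
# five-field format:
#   alert_level;path_to_logfile;target_regex;threshold_number;comment_or_description
# optionally followed by the [INODE=#][PREV_MATCHES=#] state that is appended
# once a rule has been processed.

STATE_RE = re.compile(r"\[INODE=(\d+)\]\[PREV_MATCHES=(\d+)\]\s*$")


@dataclass
class Rule:
    alert_level: str
    path: str
    pattern: re.Pattern
    threshold: int
    comment: str
    inode: Optional[int] = None   # inode of the logfile when last evaluated
    prev_matches: int = 0         # total matches counted at that time


def parse_rule(line: str) -> Rule:
    """Parse one rule line; raises ValueError on malformed input."""
    line = line.strip()
    inode, prev = None, 0
    m = STATE_RE.search(line)
    if m:
        inode, prev = int(m.group(1)), int(m.group(2))
        line = line[:m.start()].rstrip()
    # maxsplit=4 lets the trailing comment contain ';'.
    # Assumption: the regex field itself contains no ';'.
    parts = line.split(";", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 ';'-separated fields: {line!r}")
    level, path, regex, threshold, comment = parts
    if level not in ("red", "yellow"):
        raise ValueError(f"unknown alert_level {level!r}")
    if not threshold.isdigit() or int(threshold) < 1:
        raise ValueError(f"threshold_number must be a positive integer: {threshold!r}")
    return Rule(level, path, re.compile(regex), int(threshold), comment, inode, prev)


def evaluate(rule: Rule, lines: List[str], current_inode: int) -> Tuple[Optional[str], Rule]:
    """Count matching lines and decide whether to raise the alert.

    Assumed semantics for the tracking state (not documented on the page):
    matches already counted in PREV_MATCHES are not reported again, and a
    different inode means the log was rotated, so the old count is discarded.
    Returns (alert message or None, rule with updated state).
    """
    total = sum(1 for ln in lines if rule.pattern.search(ln))
    prev = rule.prev_matches if rule.inode == current_inode else 0
    new = max(total - prev, 0)
    alert = None
    if new >= rule.threshold:   # "reaches or passes" the threshold
        alert = (f"{rule.alert_level.upper()}: {rule.comment} "
                 f"({new} new matches of {rule.pattern.pattern!r} in {rule.path})")
    return alert, replace(rule, inode=current_inode, prev_matches=total)


def format_rule(rule: Rule) -> str:
    """Serialize a rule back to the on-disk format, state suffix included."""
    text = ";".join([rule.alert_level, rule.path, rule.pattern.pattern,
                     str(rule.threshold), rule.comment])
    if rule.inode is not None:
        text += f"[INODE={rule.inode}][PREV_MATCHES={rule.prev_matches}]"
    return text


# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "Mar  3 10:01:12 host sshd[123]: INVALID LOGIN from 10.0.0.5",
    "Mar  3 10:01:15 host sshd[124]: INVALID LOGIN from 10.0.0.5",
    "Mar  3 10:02:00 host cron[200]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 10:02:31 host sshd[125]: INVALID LOGIN from 10.0.0.9",
]


def demo() -> Tuple[Optional[str], Optional[str], Optional[str], str]:
    """Three passes over the same lines: fresh file, unchanged file, rotated file."""
    rule = parse_rule("red;/var/log/messages;INVALID LOGIN;1;Too many invalid logins")
    # A real monitor would read the file and take os.stat(path).st_ino;
    # the inode numbers here are made up.
    first, rule = evaluate(rule, SAMPLE_LOG, current_inode=4242)   # 3 new -> alert
    second, rule = evaluate(rule, SAMPLE_LOG, current_inode=4242)  # 0 new -> silent
    third, rule = evaluate(rule, SAMPLE_LOG, current_inode=4243)   # rotated -> alert
    return first, second, third, format_rule(rule)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The second pass is the case the note is about: the file is unchanged, PREV_MATCHES already covers all three hits, so nothing is reported again. Deleting the state suffix from the rule would make every pass look like the first one.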