Unix Rule Syntax for Log Monitoring
Rules Format: alert_level;path_to_logfile;target_regex;threshold_number;comment_or_description
Field: alert_level
Example values: red | yellow
Notes: The level of alert that will be generated if the number of matching log entries falls outside the specified parameters.

Field: path_to_logfile
Example value: /var/log/messages
Notes: The path to the logfile that should be monitored.

Field: target_regex
Example value: INVALID LOGIN
Notes: The string or simple regular expression that will match the log entries you wish to monitor.

Field: threshold_number
Example value: 1
Notes: If the number of matches in the logfile reaches or passes this number, the specified alert_level will be generated.

Field: comment_or_description
Example value: Too many invalid logins
Notes: Optional comment or description that will appear if this alert is triggered.
Note: Once rules have been updated, [INODE=#][PREV_MATCHES=#] appears at the end of the rule. Leave it in place: these values stop PureSecure from notifying you more than once about the same matches.
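The following is an added example (not PureSecure's own code) showing how a rule in the format above can be parsed and evaluated: it splits the five ';'-separated fields, strips the trailing [INODE=#][PREV_MATCHES=#] state, and uses PREV_MATCHES so that matches already reported do not trigger a second alert. The rule string and log lines are constructed for illustration; the exact way PureSecure applies PREV_MATCHES is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Trailing state PureSecure appends once a rule has been saved (left in place).
STATE_RE = re.compile(r"\[INODE=(\d+)\]\[PREV_MATCHES=(\d+)\]\s*$")

@dataclass
class Rule:
    alert_level: str
    path: str
    pattern: re.Pattern
    threshold: int
    comment: str
    prev_matches: int = 0  # from [PREV_MATCHES=#]: matches already reported (assumed meaning)

def parse_rule(line: str) -> Rule:
    """Parse 'alert_level;path;regex;threshold;comment[INODE=#][PREV_MATCHES=#]'."""
    prev = 0
    m = STATE_RE.search(line)
    if m:
        prev = int(m.group(2))
        line = line[: m.start()]
    fields = line.split(";", 4)  # comment is optional and may itself contain ';'
    if len(fields) < 4:
        raise ValueError(f"rule needs at least 4 ';'-separated fields: {line!r}")
    level, path, regex, threshold = fields[:4]
    comment = fields[4].strip() if len(fields) == 5 else ""
    if level.strip() not in ("red", "yellow"):
        raise ValueError(f"alert_level must be red or yellow, got {level!r}")
    if not threshold.strip().isdigit():
        raise ValueError(f"threshold_number must be an integer, got {threshold!r}")
    return Rule(level.strip(), path.strip(), re.compile(regex.strip()),
                int(threshold), comment, prev)

def evaluate(rule: Rule, log_lines: list) -> Optional[tuple]:
    """Return (alert_level, new_matches, comment) when the threshold is reached, else None."""
    total = sum(1 for ln in log_lines if rule.pattern.search(ln))
    new = total - rule.prev_matches   # do not re-alert on matches already reported
    if new >= rule.threshold:
        return rule.alert_level, new, rule.comment
    return None

# Constructed sample rule and log lines (not taken from the product documentation).
SAMPLE_RULE = "red;/var/log/messages;INVALID LOGIN;2;Too many invalid logins"
SAMPLE_LOG = [
    "Jan 10 12:00:01 host sshd[101]: INVALID LOGIN for user bob from 10.0.0.5",
    "Jan 10 12:00:05 host sshd[102]: Accepted publickey for alice",
    "Jan 10 12:00:09 host sshd[103]: INVALID LOGIN for user root from 10.0.0.5",
]
```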