3 Commits

Author SHA1 Message Date
Ad Schellevis
ae8e0ce4a4 syslog/lockout handler - better trap ssh messages and improve lockout behaviour.
As the client still might have a state when being kicked-out, we should kill any state the client has while adding it to the alias. Apparently our ssh messages are only caught partially, so add ".*Authentication error for .*" to the list as well. To ease testing, better detect the location of the timestamp so we can use a construction like this to feed an existing log:

lockout_handler < /var/log/audit/audit_20221205.log
2022-12-05 14:52:16 +01:00
Ad Schellevis
31d3044388 syslog-ng: lockout-handler, exit when syslog-ng exits. closes https://github.com/opnsense/core/issues/4195 2020-07-16 17:54:05 +02:00
Ad Schellevis
faf650e7ca
Syslog: optionally disable legacy (clog) logging (#4101)
* Syslog-NG replacement for legacy syslog local logs:

Part of this commit:

- support both formats in query log, which is used by our log api
- sample local syslog-ng target for configd

for https://github.com/opnsense/core/issues/4068

* syslog: add disable clog toggle + preserve number of log (days) setting when only using syslog-ng. for https://github.com/opnsense/core/issues/4068

* syslog: include local syslog-ng files when clog is disabled. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: change local handling, add relayd file to test the concept.

The local directory contains filters for local targets, which should replace the <plugin>_syslog() construction eventually, everything relevant and not matched is sent to system

for https://github.com/opnsense/core/issues/4068

* Syslog-NG: minor update to local template to support module/file format as the query log handler supports it (e.g. /var/log/squid/access/) and add local templates

* Syslog-NG: change flush log actions to support new format, while here make sure "flush all" actually flushes all logs (including plugins). for https://github.com/opnsense/core/issues/4068

* Syslog-NG: missing level in system log, for https://github.com/opnsense/core/issues/4068

* fix typo for https://github.com/opnsense/core/issues/4068

* syslog-ng: filter live log support for https://github.com/opnsense/core/issues/4068

* Syslog-NG: replace diag_logs_filter_summary.php for mvc enabled version, using the same log output as live log, for https://github.com/opnsense/core/issues/4068

* Syslog-NG: add log cleanup script to enforce preservelogs setting. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: webuser auth message should use LOG_AUTH facility. for https://github.com/opnsense/core/issues/4068

* Syslog-NG: ditch sshlockout_pf in favour of a small script that locks out ssh/web gui failed attempts for both IPv4 and IPv6. for https://github.com/opnsense/core/issues/4068

* ditch sshlockout_pf dependency, for https://github.com/opnsense/core/issues/4068

* fix indent in ACL, for https://github.com/opnsense/core/issues/4068

* fix plist
2020-05-10 10:59:14 +02:00