Commit message | Author | Age | Files | Lines
* Enable Fedora Copr building [HEAD, master] | David Sommerseth | 2020-07-30 | 3 | -50/+8
|   Also remove support for EL-6, it is soon EOL anyhow.
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Release v1.2 [v1.2, release] | David Sommerseth | 2020-07-30 | 2 | -2/+6
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Switch to tar.xz and use git repo download url | David Sommerseth | 2020-07-30 | 2 | -3/+3
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* rpm: Fix typo in rhel 6 condition check | David Sommerseth | 2020-07-30 | 1 | -2/+2
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* reporters: Improve log events in IPTipset and SMTPreporter | David Sommerseth | 2020-07-30 | 2 | -6/+17
|   The information sent to the logs was unstructured and less ideal. This unifies the log events to be similar and provide more useful details and less static text.
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* init/systemd: Switch to Type=simple | David Sommerseth | 2020-07-30 | 1 | -4/+3
|   This is simpler and easier with systemd, as systemd is well capable of monitoring this service.
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Migrate to Python 3 | David Sommerseth | 2020-07-30 | 15 | -112/+97
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Release v1.1 [v1.1] | David Sommerseth | 2015-11-12 | 2 | -2/+5
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* IPTipset: Ensure only the first regex match is used for IP address | David Sommerseth | 2015-11-12 | 1 | -1/+1
|   This change is based on the API changes of the message strings being changed to Python lists. Currently we expect only one regex match group, where the first element is the IP address.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Improve the message passing to the Reporter modules | David Sommerseth | 2015-11-12 | 4 | -7/+4
|   The message sent to the Reporter modules contained a string of each regex match group values separated by a pipe (|). This was not flexible enough, so this change will send all the regex match groups as a Python list to the Reporter.
|   The existing Reporter modules have currently just been modified to stitch together the message list as a string identical to the old behaviour now, to ensure backwards compatibility for now.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Final changes for packaging logactio-1.0 [v1.0] | David Sommerseth | 2015-10-23 | 2 | -8/+97
|   The .spec file has been massively modified, to comply with Fedora packaging guidelines as well as handling both RHEL6 with sysv init scripts and RHEL7 with systemd unit files.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Update GPL license and other related details | David Sommerseth | 2015-10-23 | 16 | -61/+72
|   - Use the proper FSF address
|   - Use the new contact address for David Sommerseth
|   - Use a better wording for the GPLv2 only license
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix a few mistakes in the sysv-init script | David Sommerseth | 2015-10-23 | 1 | -2/+2
|   - Do not start logactio by default when installing this service
|   - Be explicit on which subsys this init script is used for
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* IPTipset: Added documentation | David Sommerseth | 2015-10-23 | 1 | -0/+103
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Add packaging of init scripts via setup.py too | David Sommerseth | 2015-10-23 | 1 | -0/+1
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Prepare for a v1.0 release | David Sommerseth | 2015-10-23 | 3 | -9/+36
|   Ensure we also have man pages properly generated too.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added systemd unit file for starting/stopping logactio at boot | David Sommerseth | 2015-10-23 | 2 | -0/+16
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added SysV init scripts for starting/stopping logactio at boot | David Sommerseth | 2015-10-23 | 2 | -0/+109
|
* IPTipset: Delay exit of __cleanup_iptables() | David Sommerseth | 2015-10-23 | 1 | -1/+2
|   It may happen on some systems that the iptables command line has completed removing ipset rules, but things aren't quite yet ready. This adds a 5 seconds delay before ipset tries to remove the ipset list.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* IPTipset: Increase verbosity level for logging when calling ipset | David Sommerseth | 2015-10-23 | 1 | -1/+1
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* IPTipset: Add possibility to save ipset state between runs | David Sommerseth | 2015-09-25 | 1 | -2/+45
|   By setting the ipset-save Reporter option to point at a file name, the state will be automatically loaded upon start and saved before LogActio stops running.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix iptables cleanup bug | David Sommerseth | 2015-09-25 | 1 | -3/+9
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* If an IP address is already registered, double check with ipset too | David Sommerseth | 2015-09-25 | 1 | -1/+10
|   This is needed to avoid LogActio believing an IP address has been registered but has been removed from ipset - either manually or by a timeout.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix silly doc error | David Sommerseth | 2015-09-25 | 1 | -1/+1
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix off-by-one in hit counter | David Sommerseth | 2015-09-25 | 1 | -1/+1
|   Without this patch the "count" variable would be off by one when passing it to the reporter modules.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Fix typo and catch any other dict key issues in ThreadWatch | David Sommerseth | 2015-09-25 | 1 | -6/+10
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added another "reporter" module - IPTipset | David Sommerseth | 2013-12-26 | 1 | -0/+288
|   This currently requires logactio to run as root. On matches, instead of reporting the match it will use the IP address extracted via the regex and add it to an ipset(8) set (hash:ip). This set can then be used in other iptables rules to f.ex block failing attempts.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Added a new threshold parameter: threshold-type | David Sommerseth | 2013-12-26 | 3 | -32/+205
|   This can be set to either 'rule' or 'exact'. If not defined, it defaults to 'rule' which is exactly the same as before.
|   In 'rule' mode, the threshold counter is increased each time the regular expression triggers a match. By switching to 'exact', it will be defined a threshold counter based on the contents of the regex groups when a match is found. This gives a more fine grained threshold counter, which can be used for example for blocking specific IP addresses after a certain number of failed attempts is caught.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Added logging to stdout | David Sommerseth | 2013-12-26 | 3 | -2/+22
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Initial RPM packaging | David Sommerseth | 2013-12-26 | 3 | -0/+70
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Add some basic Python packaging | David Sommerseth | 2013-12-26 | 4 | -3/+354
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Added a simple logfile reopen mechanism | David Sommerseth | 2012-11-15 | 1 | -1/+15
|   If logrotate has been run in between since last time the log file was checked, the opened fd will not point at the new file. In this case reopen the log file and process all new events in this new file.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added documentation | David Sommerseth | 2012-11-07 | 7 | -0/+938
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added 'reset-rule-rate-limits' variable to [Rules:*] sections | David Sommerseth | 2012-09-28 | 1 | -1/+21
|   This variable takes a comma separated list of rule names, for the same log file, which will reset any active processing limitations. This can make one rule enforce another rule to become active again if 'rate-limit' or 'time-frame' limitations for that rule is stopping it from reacting.
|   A useful scenario for this feature is if there is a rule which only reports about connection issues f.ex. only once an hour. If the connection comes back again another rule can report about this instantly.
|   Without this feature enabled, it can take up to one hour before the report about the newly broken connection is sent. By enabling this feature, the "connection OK" rule can reset the rate-limit and/or time-frame restrictions on the "broken connection" rule and thus force a report instantly if the connection breaks again - regardless of the rate-limit/time-frame limitation.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added a rate-limit variable to [Rule:*] sections | David Sommerseth | 2012-09-21 | 1 | -3/+10
|   This will avoid sending more reports if it happens within the given amount of seconds since the last report for this rule. So if you have this set to 10 seconds and this rule matches a log line every second, the time between each report will be 10 seconds.
|   The rate-limit is kind of defining 1 report per X seconds.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added support for time-frame variable in [Rule:* sections] | David Sommerseth | 2012-09-21 | 1 | -3/+22
|   This optional variable extends the threshold trigger to require the matching rule to have a hit within the given time-frame. If threshold is set to 3 and time-frame to 10, it must be 3 events within 10 seconds for this rule to cause an action.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Update setup.py to also consider the LogAction/Reporters directory | David Sommerseth | 2012-09-16 | 1 | -1/+1
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added a Qpid reporter module | David Sommerseth | 2012-09-16 | 2 | -0/+221
|   This allows alerts to be sent to a Qpid based AMQP broker. A simple alert consumer has been added as well.
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added support for multiple reporters per [Logfile:*] and [Rule:*] | David Sommerseth | 2012-09-16 | 1 | -19/+31
|   This allows multiple reporters to act when it is triggered
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Add support for specific reporter modules in Rule sections | David Sommerseth | 2012-09-16 | 1 | -7/+37
|   Adding a 'reporters' variable in a [Rule:*] section will override the default reporter defined in [Logfile:*]
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added a simple SMTP reporter module | David Sommerseth | 2012-09-16 | 1 | -0/+142
|   This reporter module will send e-mails with the gathered information
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Give a sensible error if an unknown reporter is found | David Sommerseth | 2012-09-16 | 1 | -0/+2
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Added a simple HTTP reporter module | David Sommerseth | 2012-09-16 | 1 | -0/+106
|   This will send alerts to a web server via HTTP GET/POST requests
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Implement support for external reporter modules | David Sommerseth | 2012-09-16 | 1 | -2/+15
|   The [Reporter:*] definitions can now take the 'module' variable, which is the name of the reporter module, located in LogActio/Reporters/
|   Signed-off-by: David Sommerseth <davids@redhat.com>
* Initial import of logactio | David Sommerseth | 2012-09-16 | 8 | -0/+637
    This is the first step of the logactio framework
    Signed-off-by: David Sommerseth <davids@redhat.com>