Comments (5)
You are right.
I'm currently working on detecting PubkeyAuthentication errors.
Invalid user bob from 72.xx.xx.87 port 38124
is one of these indeed.
If you find any other valid error to catch, that will be nice. Thanks!
from ssh-log-to-influx.
Awesome, good to hear. Do you know of a way to confirm that the rsyslog configuration works?
from ssh-log-to-influx.
Do you mean this kind of configuration?
template(name="OnlyMsg" type="string" string="%msg:::drop-last-lf%\n")
if $programname == 'sshd' then {
  if $msg startswith ' Failed' then {
    action(type="omfwd" target="127.0.0.1" port="7070" protocol="tcp" template="OnlyMsg")
  }
}
I don't know any other way to test it apart from using it directly and trying to dispatch a message by logging into the system.
The configuration will have to change to catch more errors. We already restrict the scope to the sshd logs, so maybe accepting all logs is something to consider, and do the heavy work inside the server.
from ssh-log-to-influx.
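What the "accept all sshd logs and do the heavy work inside the server" option could look like in Node.js, as an added example that is not code from ssh-log-to-influx. The names `parseSshdMessage` and `countByIp` are hypothetical, and the sample lines are constructed except for the `Invalid user bob` line quoted in the thread; it assumes rsyslog forwards every sshd message through the `OnlyMsg` template.

```javascript
// Added example, not code from ssh-log-to-influx. Names are hypothetical.
// Input: one sshd message per line as the OnlyMsg template emits it
// (leading space from %msg%, trailing "\n").

// Patterns are anchored at both ends. The user name is client-supplied, so
// the greedy (.*) makes the LAST " from <ip> port <n>" win: that part is
// written by sshd, while anything earlier may be attacker-chosen text.
const PATTERNS = [
  { event: 'failed_auth',
    re: /^Failed (\S+) for (invalid user )?(.*) from (\S+) port (\d+)(?: ssh2.*)?$/,
    pick: m => ({ method: m[1], knownUser: !m[2], user: m[3], ip: m[4], port: Number(m[5]) }) },
  { event: 'invalid_user',
    re: /^Invalid user (.*) from (\S+) port (\d+)$/,
    pick: m => ({ method: null, knownUser: false, user: m[1], ip: m[2], port: Number(m[3]) }) },
];

function parseSshdMessage(raw) {
  const msg = raw.trim();
  for (const { event, re, pick } of PATTERNS) {
    const m = re.exec(msg);
    if (m) return { event, ...pick(m) };
  }
  return null; // not an authentication failure we track
}

// Count parsed failures per source address.
function countByIp(lines) {
  const counts = new Map();
  for (const line of lines) {
    const hit = parseSshdMessage(line);
    if (hit) counts.set(hit.ip, (counts.get(hit.ip) || 0) + 1);
  }
  return counts;
}

// Constructed sample input; only the "bob" line is taken from the thread.
const SAMPLE = [
  ' Failed password for root from 203.0.113.7 port 50022 ssh2\n',
  ' Failed password for invalid user admin from 203.0.113.7 port 50023 ssh2\n',
  ' Invalid user bob from 72.xx.xx.87 port 38124\n',
  ' Invalid user x from 198.51.100.1 port 1 from 203.0.113.9 port 40000\n',
  ' Accepted publickey for alice from 192.0.2.10 port 51000 ssh2\n',
];

console.log(SAMPLE.map(parseSshdMessage));
console.log(countByIp(SAMPLE));
```

The fourth sample line shows why the patterns are anchored: the address embedded in the user name is kept as part of `user` and never counted as a source IP.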
Cool. One last suggestion: make your dashboard available on grafana.com or export it by clicking "Share" and "For External". As it is, it's really hard to re-use.
from ssh-log-to-influx.
Good suggestion, just did it. However, I'm using Grafana 7.1... So only compatible with grafana:master.
The reason is that I need new features to join on the time range to have valid values of the last time the attack happened + the sum of the attacks from the IP.
from ssh-log-to-influx.