# Sample config file for reportnew.
# Each stanza lists a logfile, the regexp strings used to match and
# exclude lines (and any and/or'ing of them), and the action to take
# (email).
# Use begin-host: hostname / end-host: hostname around config
# sections for specific hosts.
#
# NOTE(review): every address, path and pattern below is sample data;
# replace user@host and the IP addresses with site values.
# NOTE(review): the /.../ values look like unanchored regexps, so an
# unescaped "." would match any character and a pattern would match
# anywhere in a log line -- confirm against reportnew's matcher.
# An over-broad exclude presumably drops lines from the report, so
# keep exclude patterns as narrow as possible.
#
# presumably the recipient for reportnew's own/overall mail -- confirm
master_notify: user@host
#
# Snort portscan log: "all" / "none" presumably mean report every new
# line and exclude nothing -- confirm.
log: /var/log/snort/portscan
match: all
exclude: none
notify: user@host
#
# Report every new line except the log-rotation notice.
log: /var/log/secure
match: all
exclude: /logfile turned over/
notify: user@host
#
# Authentication log: root activity, sshd connections, refusals/denies.
# NOTE(review): the exclude hides root logins on ttyC0 (the first
# virtual console on OpenBSD); keep it only where console access is
# physically controlled.
log: /var/log/authlog
match: /ROOT|sshd.*Connection|refused|deny|admin login|snort/
exclude: /ROOT LOGIN .* ON ttyC0/
notify: user@host
#
# named messages in the daemon log.
# NOTE(review): "RR" and "XX" are bare two-letter alternatives and will
# match any line containing them, not only named output.
# NOTE(review): the dots inside the excluded addresses are unescaped and
# the addresses have no trailing delimiter, so ".204.245.8.5" also
# covers .8.50-.8.59 and similar strings; if the patterns are
# Perl-style, escape the dots (\.) and end each address on the
# character that follows it in the log. The leading "." presumably
# stands in for a separator that cannot be written inside /.../ --
# confirm.
log: /var/log/daemon
match: /named.*unapproved|RR|XX/
exclude: /logfile turned over|XX .204.245.8.5|XX .204.245.8.49|XX .*in-addr/
notify: user@host
#
# dnscache log: failures and denials, nothing excluded.
log: /etc/dnscache/log/main
match: /deny|fail|cannot|error|denied|fatal/
exclude: none
notify: user@host
#
# Mail log: denials, failures and timeouts, nothing excluded.
log: /var/log/maillog
match: /deny|fail|timeout/
exclude: none
notify: user@host
#
# Apache access log: requests naming known-probed CGI paths.
# NOTE(review): the exclude is unanchored and unescaped, so it drops any
# line that contains text matching 10.0.0.5 anywhere -- including
# 10.0.0.50-59 and fields taken from the request itself -- not only
# requests from that client. Prefer tying it to the client-address
# field, e.g. /^10\.0\.0\.5 / if the log line starts with the client
# address and the patterns are Perl-style -- confirm both.
log: /usr/local/apache/logs/access_log
match: /webaddress|phf|test-cgi|handler/
exclude: /10.0.0.5/
notify: user@host
#
# NTP log: large clock offsets and sanity-check messages.
log: /var/log/ntp
match: /way too large|sanity/
exclude: none
notify: user@host