Source: http://servexpert.blogspot.tw/
Reason needed: Yahoo is blocking our mail
Most of the major ESPs such as Gmail, Hotmail or Yahoo do not like being mailed from the same address many times in a short span. If they detect (and they will) that a server's IP is sending bursts of email in a short span of time or over a single connection, they will most certainly block your IP.
Here is how we can avoid this block by rate limiting on the server side, so that the server IP(s) stay clean and unblocked. Postfix can be configured to rate limit mail based on the recipient domain. Suppose we need to rate limit mail to gmail to 1000 per hour; this can be achieved with the following steps.
We will use custom transports in postfix configuration to achieve this rate limiting. Custom transports are supported in postfix > v2.5. Check your postfix version using the following command:
[root@smtp01 ~]# postconf mail_version
mail_version = 2.8.5
If postfix is older than 2.5, upgrade it.
Now define the additional transport in the postfix master.cf file:
smtp-gmail unix - - n - 1 smtp
    -o syslog_name=smtp-gmail
syslog_name sets the name under which messages handled by this transport are logged in the maillog, which lets us check whether the custom transport is actually being used.
Define the required throttling (rate limit) settings in the postfix main.cf:
smtp-gmail_destination_rate_delay = 12s
smtp-gmail_destination_concurrency_limit = 1
smtp-gmail_destination_recipient_limit = 2
smtp-gmail_initial_destination_concurrency = 1
The syntax is: transport-name_variable-name = value
The transport name used here is smtp-gmail; you can use any name of your own choice, as long as it matches the service name in master.cf.
destination_rate_delay: the delay between individual deliveries to the destination through this transport. Set it as required; for example, for 10 deliveries per minute to gmail, use 60/10 = 6s.
destination_concurrency_limit: the number of parallel deliveries to the destination through this transport. Setting it to 1 means only one mail is delivered at a time.
destination_recipient_limit: the number of recipients per delivery. Setting this parameter to 1 changes the meaning of the corresponding per-destination concurrency limit from concurrency per domain to concurrency per recipient, so set it to 2; that keeps the limit per domain. With 1, throttling would only apply to mail sent to the same recipient, not to the same recipient domain.
initial_destination_concurrency: the initial number of parallel deliveries. The default is 5, which you probably don't want, so set it to 1.
You can get more information about the parameters here: http://www.postfix.org/postconf.5.html
Create a transport map file so that mail to gmail.com is directed to our new transport (smtp-gmail). Add the following to /etc/postfix/transport:
/\@gmail\.com$/ smtp-gmail:
The format of the above file is regexp. Lookups in regexp tables are fast, so you should probably use them. For regexp to work, postfix must be built with regexp support. Find out using this command:
postconf -m
You should get a result like the following, listing all supported lookup table types:
[root@smtp01 ~]# postconf -m
btree
cidr
environ
hash
internal
ldap
nis
pcre
proxy
regexp
static
tcp
texthash
unix
Once the transport file is created, build the corresponding db, which is what postfix actually reads, using the postmap command:
postmap /etc/postfix/transport
Make postfix use this transport table. Edit main.cf and add the following:
transport_maps = regexp:/etc/postfix/transport
Make sure you use the regexp prefix.
Reload postfix.
Test the configuration.
Create a file containing two or more different gmail addresses. Then you can use a loop to send mail to them from the command line:
for i in `cat recpts`; do echo "hello" | mail -s "testing throttling" $i; done
recpts is the file containing the recipients' addresses.
Tail the maillog and grep for the transport name. You should see messages like the following:
Oct 5 10:33:26 smtp01 smtp-gmail/smtp[31905]: A8AB21EE201: to=, relay=gmail-smtp-in.l.google.com[209.85.143.27]:25, delay=1466, delays=0.09/1465/0.25/0.84, dsn=2.0.0, status=sent (250 2.0.0 OK 1317825206 ge19si1398564wbb.49)
Oct 5 10:38:28 smtp01 smtp-gmail/smtp[31945]: AFF7B1EE206: to=, relay=gmail-smtp-in.l.google.com[209.85.143.26]:25, delay=1768, delays=0.09/1766/0.24/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1317825508 s63si1405914weq.73)
Oct 5 10:43:29 smtp01 smtp-gmail/smtp[31985]: B18DC1EE208: to=, relay=gmail-smtp-in.l.google.com[209.85.143.27]:25, delay=2069, delays=0.09/2068/0.25/0.75, dsn=2.0.0, status=sent (250 2.0.0 OK 1317825809 fn12si1423894wbb.51)
Oct 5 10:48:30 smtp01 smtp-gmail/smtp[32021]: B136C1EE207: to=, relay=gmail-smtp-in.l.google.com[209.85.143.27]:25, delay=2370, delays=0.09/2369/0.25/0.48, dsn=2.0.0, status=sent (250 2.0.0 OK 1317826110 fi7si1433546wbb.71)
You can see that the transport 'smtp-gmail' is being called every five minutes (as set in postfix main.cf).
So all is working now. Post your queries/comments.
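To make the "tail the maillog and grep for the transport name" check repeatable, here is an added Python example (not part of the original post) that parses delivery lines of the format shown above, pulls the active-queue wait out of the delays= field, and verifies that consecutive attempts through a given transport are spaced at least destination_rate_delay apart. The log lines embedded in it are constructed samples with placeholder addresses and documentation-range relay IPs; the transport name smtp-gmail and the 12s delay are the values from the configuration above.

```python
import re
from datetime import datetime

# Postfix smtp client delivery line, as logged under the syslog_name set in
# master.cf.  The to= field is matched loosely so that lines whose address has
# been stripped (to=,) still parse.
DELIVERY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<transport>[\w-]+)/smtp\[(?P<pid>\d+)\]:\s+(?P<qid>[0-9A-Za-z]+):\s+"
    r"to=<?(?P<to>[^>,]*)>?,\s+relay=(?P<relay>\S+),\s+delay=(?P<delay>[\d.]+),\s+"
    r"delays=(?P<delays>[\d./]+),\s+dsn=(?P<dsn>[\d.]+),\s+status=(?P<status>\w+)"
)

# Constructed sample maillog (placeholder addresses, documentation-range IPs).
SAMPLE_MAILLOG = """\
Oct  5 10:33:26 smtp01 smtp-gmail/smtp[31905]: A8AB21EE201: to=<user1@example.invalid>, relay=gmail-smtp-in.l.google.com[203.0.113.27]:25, delay=1466, delays=0.09/1465/0.25/0.84, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct  5 10:33:30 smtp01 postfix/smtp[31910]: B2C3D1EE202: to=<someone@example.invalid>, relay=mx.example.invalid[203.0.113.5]:25, delay=0.9, delays=0.05/0.01/0.3/0.5, dsn=2.0.0, status=sent (250 OK)
Oct  5 10:33:38 smtp01 smtp-gmail/smtp[31906]: A9AB21EE203: to=<user2@example.invalid>, relay=gmail-smtp-in.l.google.com[203.0.113.27]:25, delay=1478, delays=0.09/1477/0.24/0.70, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct  5 10:33:50 smtp01 smtp-gmail/smtp[31907]: AAAB21EE204: to=<user3@example.invalid>, relay=gmail-smtp-in.l.google.com[203.0.113.26]:25, delay=1490, delays=0.09/1489/0.25/0.60, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct  5 10:33:53 smtp01 smtp-gmail/smtp[31908]: ABAB21EE205: to=<user4@example.invalid>, relay=gmail-smtp-in.l.google.com[203.0.113.26]:25, delay=1493, delays=0.09/1492/0.25/0.55, dsn=4.4.1, status=deferred (connect timed out)
""".splitlines()


def parse_delivery(line):
    """Return the fields of one delivery line, or None if it is not one."""
    m = DELIVERY_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year; fine for comparing times within one run
    rec["time"] = datetime.strptime(re.sub(r"\s+", " ", rec["ts"]), "%b %d %H:%M:%S")
    # delays=a/b/c/d: a = before queue manager, b = in the active queue (this is
    # where destination_rate_delay makes mail wait), c = connection setup,
    # d = message transmission
    rec["queue_wait"] = float(rec["delays"].split("/")[1])
    return rec


def transport_intervals(lines, transport):
    """Seconds between consecutive delivery attempts logged under `transport`."""
    times = sorted(r["time"] for r in map(parse_delivery, lines)
                   if r and r["transport"] == transport)
    return [(later - earlier).total_seconds()
            for earlier, later in zip(times, times[1:])]


def check_rate_delay(lines, transport, rate_delay_s, tolerance_s=1.0):
    """Return (ok, violations).  A violation is a gap shorter than the configured
    destination_rate_delay; the tolerance absorbs connection/transmission jitter,
    since the log timestamp is taken when a delivery completes, not when it
    starts.  Gaps shorter than the delay mean the smtp-gmail_* parameters are
    not being applied, e.g. the prefix in main.cf does not match the master.cf
    service name."""
    intervals = transport_intervals(lines, transport)
    violations = [gap for gap in intervals if gap < rate_delay_s - tolerance_s]
    return (not violations, violations)


if __name__ == "__main__":
    ok, bad = check_rate_delay(SAMPLE_MAILLOG, "smtp-gmail", rate_delay_s=12)
    print("intervals:", transport_intervals(SAMPLE_MAILLOG, "smtp-gmail"))
    print("throttling ok" if ok else "too-short gaps: %s" % bad)
```

Run it against a real maillog with `check_rate_delay(open("/var/log/maillog"), "smtp-gmail", 12)`; a gmail recipient that never appears under smtp-gmail at all means the transport map did not match it.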
Tuesday, March 18, 2014
Tuesday, March 4, 2014
nginx start shell script
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /opt/nginx/conf/nginx.conf
# pidfile: /opt/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/opt/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    retval=$?
    echo
    return $retval
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # only restart when nginx is currently running
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
rewrite list
## redirect specific jsp pages to specific urls
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/ad\/trnaddrNum.jsp$
RewriteRule ^/ad\/trnaddrNum.jsp(.*)$ http://www.104.com.tw/jb/service/ad/TransferAddress/TransferCount$1 [R,L]
RewriteCond %{REQUEST_URI} ^/ad\/trnaddr.jsp$
RewriteRule ^/ad\/trnaddr.jsp(.*)$ http://www.104.com.tw/jb/service/ad/TransferAddress$1 [R,L]
### awkward requirement
RewriteRule /104reading$ /cfdocs/edu/104reading/index.cfm [L,QSA,PT]
RewriteRule /104reading/$ /cfdocs/edu/104reading/index.cfm [L,QSA,PT]
RewriteRule /104reading/index.html$ /cfdocs/edu/104reading/index.cfm [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/info.html$ /cfdocs/edu/104reading/index.cfm [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/index/info.html$ /cfdocs/edu/104reading/index.cfm [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/kw(.*)/st(.*)/recorded/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?kw=$2&st=$3&recorded&page=$4 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/kw(.*)/st(.*)/recorded/info.html /cfdocs/edu/104reading/$1.cfm?kw=$2&st=$3&recorded [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/kw(.*)/recorded/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?kw=$2&recorded&page=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/kw(.*)/recorded/info.html /cfdocs/edu/104reading/$1.cfm?kw=$2&recorded [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/tag(.*)/type(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&tag=$4&type=$5&page=$6 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/j(.*)/theclass(.*)/school(.*)/orderType(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?j=$2&theclass=$3&school=$4&orderType=$5&page=$6 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/showType(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&showType=$4&page=$5 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/type(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&type=$4&page=$5 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/tag(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&tag=$4&page=$5 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/tag(.*)/type(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&tag=$4&type=$5 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/j(.*)/theclass(.*)/school(.*)/orderType(.*)/info.html /cfdocs/edu/104reading/$1.cfm?j=$2&theclass=$3&school=$4&orderType=$5 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&page=$4 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/type(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&type=$4 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/tag(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&tag=$4 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/showType(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3&showType=$4 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/j(.*)/theclass(.*)/school(.*)/info.html /cfdocs/edu/104reading/$1.cfm?j=$2&theclass=$3&school=$4 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/kw(.*)/st(.*)/info.html /cfdocs/edu/104reading/$1.cfm?kw=$2&st=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/fno(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&fno=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/orderType(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&orderType=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/tag(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&tag=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/type(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2&type=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/tag(.*)/page(.*)/info.html /cfdocs/edu/104reading/$1.cfm?tag=$2&page=$3 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/j(.*)/info.html /cfdocs/edu/104reading/$1.cfm?j=$2 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/kw(.*)/info.html /cfdocs/edu/104reading/$1.cfm?kw=$2 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/cno(.*)/info.html /cfdocs/edu/104reading/$1.cfm?cno=$2 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/nno(.*)/info.html /cfdocs/edu/104reading/$1.cfm?nno=$2 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/uno(.*)/info.html /cfdocs/edu/104reading/$1.cfm?uno=$2 [L,QSA,PT]
RewriteRule /cfdocs/edu/104reading/(.*)/tag(.*)/info.html /cfdocs/edu/104reading/$1.cfm?tag=$2 [L,QSA,PT]
rsyslog conf
$ModLoad imtcp.so
$ModLoad ommysql
:syslogtag, contains, "nmbd" ~
$template manphp,"insert into $Groupname (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
$template cmdlog,"insert into $Groupname (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
$template securelog,"insert into $Groupname (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
#define web group
+(servername)
##bypass log policy##
:msg, contains, "DBERROR:" ~
##custom log policy##
:msg, contains, "attackalert:" >(IPADDR),linuxlog,rsyslog,(password);$Groupname
:msg, contains, "exec_command:" >(IPADDR),cmdlog,rsyslog,(password);cmdlog
if $syslogtag == 'rsyslogd:' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname
if $syslogtag == 'MD5:' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname
if $syslogpriority == '4' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname#warn
if $syslogpriority == '3' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname#error
if $syslogpriority == '2' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname#crit
if $syslogpriority == '1' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname#alert
if $syslogpriority == '0' then >(IPADDR),linuxlog,rsyslog,(password);$Groupname#emerg
##standard log policy##
authpriv.* >(IPADDR),securelog,rsyslog,(password);securelog
##web group setting end##
============db ===========
cmdlog
CREATE TABLE `3phd` (
`ID` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`CustomerID` BIGINT(20) NULL DEFAULT NULL,
`ReceivedAt` DATETIME NULL DEFAULT NULL,
`DeviceReportedTime` DATETIME NULL DEFAULT NULL,
`Facility` SMALLINT(6) NULL DEFAULT NULL,
`Priority` SMALLINT(6) NULL DEFAULT NULL,
`FromHost` VARCHAR(60) NULL DEFAULT NULL,
`Message` TEXT NULL,
`NTSeverity` INT(11) NULL DEFAULT NULL,
`Importance` INT(11) NULL DEFAULT NULL,
`EventSource` VARCHAR(60) NULL DEFAULT NULL,
`EventUser` VARCHAR(60) NULL DEFAULT NULL,
`EventCategory` INT(11) NULL DEFAULT NULL,
`EventID` INT(11) NULL DEFAULT NULL,
`EventBinaryData` TEXT NULL,
`MaxAvailable` INT(11) NULL DEFAULT NULL,
`CurrUsage` INT(11) NULL DEFAULT NULL,
`MinUsage` INT(11) NULL DEFAULT NULL,
`MaxUsage` INT(11) NULL DEFAULT NULL,
`InfoUnitID` INT(11) NULL DEFAULT NULL,
`SysLogTag` VARCHAR(60) NULL DEFAULT NULL,
`EventLogType` VARCHAR(60) NULL DEFAULT NULL,
`GenericFileName` VARCHAR(60) NULL DEFAULT NULL,
`SystemID` INT(11) NULL DEFAULT NULL,
`ProcessID` INT(11) NULL DEFAULT NULL,
`Messagetype` VARCHAR(60) NULL DEFAULT NULL,
PRIMARY KEY (`ID`)
)
COLLATE='latin1_swedish_ci'
ENGINE=MyISAM
AUTO_INCREMENT=337;
===========================
linuxlog
CREATE TABLE `3phd` (
`ID` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`CustomerID` BIGINT(20) NULL DEFAULT NULL,
`ReceivedAt` DATETIME NULL DEFAULT NULL,
`DeviceReportedTime` DATETIME NULL DEFAULT NULL,
`Facility` SMALLINT(6) NULL DEFAULT NULL,
`Priority` SMALLINT(6) NULL DEFAULT NULL,
`FromHost` VARCHAR(60) NULL DEFAULT NULL,
`Message` TEXT NULL,
`NTSeverity` INT(11) NULL DEFAULT NULL,
`Importance` INT(11) NULL DEFAULT NULL,
`EventSource` VARCHAR(60) NULL DEFAULT NULL,
`EventUser` VARCHAR(60) NULL DEFAULT NULL,
`EventCategory` INT(11) NULL DEFAULT NULL,
`EventID` INT(11) NULL DEFAULT NULL,
`EventBinaryData` TEXT NULL,
`MaxAvailable` INT(11) NULL DEFAULT NULL,
`CurrUsage` INT(11) NULL DEFAULT NULL,
`MinUsage` INT(11) NULL DEFAULT NULL,
`MaxUsage` INT(11) NULL DEFAULT NULL,
`InfoUnitID` INT(11) NULL DEFAULT NULL,
`SysLogTag` VARCHAR(60) NULL DEFAULT NULL,
`EventLogType` VARCHAR(60) NULL DEFAULT NULL,
`GenericFileName` VARCHAR(60) NULL DEFAULT NULL,
`SystemID` INT(11) NULL DEFAULT NULL,
`ProcessID` INT(11) NULL DEFAULT NULL,
`Messagetype` VARCHAR(60) NULL DEFAULT NULL,
PRIMARY KEY (`ID`)
)
COLLATE='latin1_swedish_ci'
ENGINE=MyISAM
AUTO_INCREMENT=328279;
===============================
securelog
CREATE TABLE `3phd` (
`ID` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`CustomerID` BIGINT(20) NULL DEFAULT NULL,
`ReceivedAt` DATETIME NULL DEFAULT NULL,
`DeviceReportedTime` DATETIME NULL DEFAULT NULL,
`Facility` SMALLINT(6) NULL DEFAULT NULL,
`Priority` SMALLINT(6) NULL DEFAULT NULL,
`FromHost` VARCHAR(60) NULL DEFAULT NULL,
`Message` TEXT NULL,
`NTSeverity` INT(11) NULL DEFAULT NULL,
`Importance` INT(11) NULL DEFAULT NULL,
`EventSource` VARCHAR(60) NULL DEFAULT NULL,
`EventUser` VARCHAR(60) NULL DEFAULT NULL,
`EventCategory` INT(11) NULL DEFAULT NULL,
`EventID` INT(11) NULL DEFAULT NULL,
`EventBinaryData` TEXT NULL,
`MaxAvailable` INT(11) NULL DEFAULT NULL,
`CurrUsage` INT(11) NULL DEFAULT NULL,
`MinUsage` INT(11) NULL DEFAULT NULL,
`MaxUsage` INT(11) NULL DEFAULT NULL,
`InfoUnitID` INT(11) NULL DEFAULT NULL,
`SysLogTag` VARCHAR(60) NULL DEFAULT NULL,
`EventLogType` VARCHAR(60) NULL DEFAULT NULL,
`GenericFileName` VARCHAR(60) NULL DEFAULT NULL,
`SystemID` INT(11) NULL DEFAULT NULL,
`ProcessID` INT(11) NULL DEFAULT NULL,
`Messagetype` VARCHAR(60) NULL DEFAULT NULL,
PRIMARY KEY (`ID`)
)
COLLATE='latin1_swedish_ci'
ENGINE=MyISAM
AUTO_INCREMENT=328279;
==========================
winlog
CREATE TABLE `backer` (
`ID` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`CustomerID` BIGINT(20) NULL DEFAULT NULL,
`ReceivedAt` DATETIME NULL DEFAULT NULL,
`DeviceReportedTime` DATETIME NULL DEFAULT NULL,
`Facility` SMALLINT(6) NULL DEFAULT NULL,
`Priority` SMALLINT(6) NULL DEFAULT NULL,
`FromHost` VARCHAR(60) NULL DEFAULT NULL,
`Message` TEXT NULL,
`NTSeverity` INT(11) NULL DEFAULT NULL,
`Importance` INT(11) NULL DEFAULT NULL,
`EventSource` VARCHAR(60) NULL DEFAULT NULL,
`EventUser` VARCHAR(60) NULL DEFAULT NULL,
`EventCategory` INT(11) NULL DEFAULT NULL,
`EventID` INT(11) NULL DEFAULT NULL,
`EventBinaryData` TEXT NULL,
`MaxAvailable` INT(11) NULL DEFAULT NULL,
`CurrUsage` INT(11) NULL DEFAULT NULL,
`MinUsage` INT(11) NULL DEFAULT NULL,
`MaxUsage` INT(11) NULL DEFAULT NULL,
`InfoUnitID` INT(11) NULL DEFAULT NULL,
`SysLogTag` VARCHAR(60) NULL DEFAULT NULL,
`EventLogType` VARCHAR(60) NULL DEFAULT NULL,
`GenericFileName` VARCHAR(60) NULL DEFAULT NULL,
`SystemID` INT(11) NULL DEFAULT NULL,
`ProcessID` INT(11) NULL DEFAULT NULL,
`Messagetype` VARCHAR(60) NULL DEFAULT NULL,
PRIMARY KEY (`ID`)
)
COLLATE='latin1_swedish_ci'
ENGINE=MyISAM
AUTO_INCREMENT=62719136;