[maltrail.conf, [SERVER]] Add support for SYSLOG_SERVER= and LOGSTASH_SERVER= options

Hello!

In ```maltrail.conf``` to add support  for ```SYSLOG_SERVER``` and ```LOGSTASH_SERVER``` options in ```[Server]``` section to make it possible to send messages to remote syslog/SIEM about successful and failed log-ins:

```
мая 01 21:40:26 linux-mk500-154 maltrail[15984]: Failed password for admin from 192.168.x.y port 27566
мая 01 21:40:43 linux-mk500-154 maltrail[15989]: Failed password for qweqweqwd from 192.168.c.d port 27568
мая 01 21:40:52 linux-mk500-154 maltrail[15991]: Failed password for qweqwqweqw from 192.168.a.b port 27571
мая 01 21:49:54 linux-mk500-154 maltrail[16153]: Accepted password for admin from 192.168.e.f port 27774
```

Can be useful to track brute-force attacks on MT server service.

Thank you!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[maltrail.conf, [SERVER]] Add support for SYSLOG_SERVER= and LOGSTASH_SERVER= options #19080

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[maltrail.conf, [SERVER]] Add support for SYSLOG_SERVER= and LOGSTASH_SERVER= options #19080

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions