BuzzSaw::Filter::SSH - A BuzzSaw event filter for SSH log entries
This documentation refers to BuzzSaw::Filter::SSH version 0.11.2
my $filter = BuzzSaw::Filter::SSH->new(); while ( defined( my $line = $fh->getline ) ) { my %event = $parser->parse_line($line); my ( $accept, @tags ) = $filter->check(\%event); if ($accept) { # store log entry in DB } }
This is a Moose class which provides a filter which implements the BuzzSaw::Filter role. It is used to filter log entries and find those associated with the SSH daemon. An event will be accepted for storage if it is related to a login being accepted or failed. When an event is accepted by the SSH filter module it returns ssh and auth tags along with one of auth_success or auth_failure.
ssh
auth
auth_success
auth_failure
The BuzzSaw project provides a suite of tools for processing log file entries. Entries in files are parsed and filtered into a set of events of interest which are stored in a database. A report generation framework is also available which makes it easy to generate regular reports regarding the events discovered.
The short name of the module. The default is to use the final part of the Perl module name lower-cased (e.g. the name of BuzzSaw::Filter::SSH is ssh).
BuzzSaw::Filter::SSH
This method checks for log entries which are associated with SSH daemon logins which have either been accepted or failed.
This module is powered by Moose. This module implements the BuzzSaw::Filter Moose role.
BuzzSaw, BuzzSaw::Parser
This is the list of platforms on which we have tested this software. We expect this software to work on any Unix-like platform which is supported by Perl.
ScientificLinux6
Please report any bugs or problems (or praise!) to bugs@lcfg.org, feedback and patches are also always very welcome.
Stephen Quinney <squinney@inf.ed.ac.uk>
Copyright (C) 2012 University of Edinburgh. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the terms of the GPL, version 2 or later.
To install BuzzSaw::DB, copy and paste the appropriate command in to your terminal.
cpanm
cpanm BuzzSaw::DB
CPAN shell
perl -MCPAN -e shell install BuzzSaw::DB
For more information on module installation, please visit the detailed CPAN module installation guide.