NAME

BuzzSaw::Filter::SSH - A BuzzSaw event filter for SSH log entries

VERSION

This documentation refers to BuzzSaw::Filter::SSH version 0.11.0

SYNOPSIS

my $filter = BuzzSaw::Filter::SSH->new();

while ( defined( my $line = $fh->getline ) ) {
  my %event = $parser->parse_line($line);

  my ( $accept, @tags ) = $filter->check(\%event);

  if ($accept) {
     # store log entry in DB
  }
}

DESCRIPTION

This is a Moose class which provides a filter which implements the BuzzSaw::Filter role. It is used to filter log entries and find those associated with the SSH daemon. An event will be accepted for storage if it is related to a login being accepted or failed. When an event is accepted by the SSH filter module it returns ssh and auth tags along with one of auth_success or auth_failure.

The BuzzSaw project provides a suite of tools for processing log file entries. Entries in files are parsed and filtered into a set of events of interest which are stored in a database. A report generation framework is also available which makes it easy to generate regular reports regarding the events discovered.

ATTRIBUTES

name

The short name of the module. The default is to use the final part of the Perl module name lower-cased (e.g. the name of BuzzSaw::Filter::SSH is ssh).

SUBROUTINES/METHODS

( $accept, @tags ) = $filter->check(\%event)

This method checks for log entries which are associated with SSH daemon logins which have either been accepted or failed.

DEPENDENCIES

This module is powered by Moose. This module implements the BuzzSaw::Filter Moose role.

SEE ALSO

BuzzSaw, BuzzSaw::Parser

PLATFORMS

This is the list of platforms on which we have tested this software. We expect this software to work on any Unix-like platform which is supported by Perl.

ScientificLinux6

BUGS AND LIMITATIONS

Please report any bugs or problems (or praise!) to bugs@lcfg.org, feedback and patches are also always very welcome.

AUTHOR

Stephen Quinney <squinney@inf.ed.ac.uk>

LICENSE AND COPYRIGHT

Copyright (C) 2012 University of Edinburgh. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the terms of the GPL, version 2 or later.