logmon/config.ini

[general]
debug = false
log_file = /var/log/logmon.log
pid_file = /var/run/logmon.pid
backend = csf

[backend_csf]
csf_path = /usr/sbin/csf
# Dodatkowe opcje CSF

[backend_nftables]
table_name = filter
chain_name = logmon_block

[backend_iptables]
chain_name = LOGMON_BLOCK

[backend_ufw]
# UFW nie wymaga dodatkowych parametrów

[module_postfix]
enabled = true
log_file = /var/log/mail.log
# Alternatywnie dla systemd:
# use_journald = true
# journald_unit = postfix.service

# Parametry detekcji
max_failures = 5
time_window = 60
ban_duration = 86400

# Wzorce do wykrywania
patterns = auth_failed,sasl_failed

[pattern_auth_failed]
regex = authentication failed
score = 1

[pattern_sasl_failed]
regex = SASL [A-Z\-\d]+ authentication failed
score = 2