###
### The list of rules and actions to match with.
### Each line must be of the form:
### log_regex +++ count/second ==> action seconds
### or
### Override: source_host_regex +++ count/second ==> action seconds
### or
### Override: -> dest_host_regex +++ count/second ==> action seconds
### or
### Track: log_regex +++ count/second ==> action seconds
###
### define any ${Variable} you can use later in actions
#def: EMAIL | mail -s 'track $0' yu
def: EMAIL ECHO red '$_'
#def: FW ssh -nxa guardian@firewall.domain "guardian DROP $src $sec '$0$rn'"
def: FW ECHO cyan $_

\[Priority: 1\]: +++ ==> LOG
Invalid user \S+ from +++ 10/30 50/8h ==> ${FW} 6h
Override: __IgnorehostDefault__ +++ ==> ${FW} 3600
Room temperature (\S+) degrees +++ ==> ${EMAIL} perl: ${1}>39.5; end;

### DO NOT REMOVE OR CHANGE THIS LINE ###
### Any 'Override: ...' line above will only be applied to the rule right before it.
### But any override below will be applied to all log matching rules above it.
Track: \b$src\b +++ 10/1h ==> ${EMAIL} 1d
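The rule grammar described in the header above (log_regex +++ count/period ==> action seconds, with def: variables and Override:/Track: prefixes) as an added Python example; this is not the tool's own code. It parses a file in that syntax, expands ${Variable} references from def: lines, and evaluates the count/period thresholds as sliding windows over constructed log lines. The s/m/h/d duration suffixes, reading a trailing duration token of the action as the rule's "seconds" field, and clearing the window once a rule fires are assumptions, not behaviour stated on the page.

```python
import re
from collections import deque
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the rule syntax shown above (a subset of the page's rules).
SAMPLE_CONFIG = r"""
### comments and commented-out '#def:' lines are ignored
#def: FW ssh -nxa guardian@firewall.domain "guardian DROP $src $sec '$0$rn'"
def: EMAIL ECHO red '$_'
def: FW ECHO cyan $_
\[Priority: 1\]: +++ ==> LOG
Invalid user \S+ from +++ 10/30 50/8h ==> ${FW} 6h
Override: __IgnorehostDefault__ +++ ==> ${FW} 3600
Room temperature (\S+) degrees +++ ==> ${EMAIL} perl: ${1}>39.5; end;
Track: \b$src\b +++ 10/1h ==> ${EMAIL} 1d
"""

UNIT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}  # assumption: bare number = seconds
DURATION_RE = re.compile(r"^(\d+)([smhd]?)$")
THRESHOLD_RE = re.compile(r"^(\d+)/(\d+)([smhd]?)$")
VAR_RE = re.compile(r"\$\{(\w+)\}")


def to_seconds(tok: str) -> Optional[int]:
    m = DURATION_RE.match(tok)
    return int(m.group(1)) * UNIT[m.group(2)] if m else None


@dataclass
class Rule:
    kind: str                          # "match", "override", "override_dest" or "track"
    regex: str                         # left of '+++', used as-is
    thresholds: List[Tuple[int, int]]  # (count, period_seconds); empty = fire on every match
    action: str                        # text after '==>' with ${Var} expanded
    duration: Optional[int]            # trailing 'seconds' field, None if absent


def parse_config(text: str) -> List[Rule]:
    variables, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("def:"):
            name, _, value = line[4:].strip().partition(" ")
            variables[name] = value.strip()
            continue
        kind = "match"
        if line.startswith("Override:"):
            line, kind = line[len("Override:"):].strip(), "override"
            if line.startswith("->"):
                line, kind = line[2:].strip(), "override_dest"
        elif line.startswith("Track:"):
            line, kind = line[len("Track:"):].strip(), "track"
        regex, sep, rest = line.partition("+++")
        if not sep:
            raise ValueError(f"rule without '+++': {raw!r}")
        thresh_part, sep, action_part = rest.partition("==>")
        if not sep:
            raise ValueError(f"rule without '==>': {raw!r}")
        thresholds = []
        for tok in thresh_part.split():
            m = THRESHOLD_RE.match(tok)
            if not m:
                raise ValueError(f"bad threshold {tok!r} in {raw!r}")
            thresholds.append((int(m.group(1)), int(m.group(2)) * UNIT[m.group(3)]))
        tokens = action_part.split()
        duration = None
        if len(tokens) > 1 and to_seconds(tokens[-1]) is not None:
            duration = to_seconds(tokens.pop())
        # Unknown names such as ${1} (a capture-group reference) are left untouched.
        action = VAR_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), " ".join(tokens))
        rules.append(Rule(kind, regex.strip(), thresholds, action, duration))
    return rules


class RateTracker:
    """Sliding-window counter: hit() is True when any count/period threshold is reached."""

    def __init__(self, thresholds):
        self.thresholds = thresholds
        self.longest = max((p for _, p in thresholds), default=0)
        self.events = deque()

    def hit(self, t: int) -> bool:
        if not self.thresholds:
            return True
        self.events.append(t)
        while self.events and t - self.events[0] > self.longest:
            self.events.popleft()
        for count, period in self.thresholds:
            if sum(1 for e in self.events if t - e <= period) >= count:
                self.events.clear()  # assumption: start a fresh window after firing
                return True
        return False


def scan(rule: Rule, timed_lines) -> List[int]:
    """Apply one rule to (timestamp, line) pairs; return the timestamps at which it fired."""
    pattern, tracker = re.compile(rule.regex), RateTracker(rule.thresholds)
    return [t for t, line in timed_lines if pattern.search(line) and tracker.hit(t)]


def constructed_log():
    # Twelve constructed failed-login lines one second apart, plus one unrelated line.
    lines = [(t, "sshd[1]: Invalid user admin from 203.0.113.5") for t in range(12)]
    lines.insert(5, (5, "sshd[1]: Accepted publickey for ops from 198.51.100.7"))
    return lines


if __name__ == "__main__":
    for r in parse_config(SAMPLE_CONFIG):
        print(r)
    print("fired at:", scan(parse_config(SAMPLE_CONFIG)[1], constructed_log()))
```

The 10/30 rule fires on the tenth matching line within 30 seconds and not again until a new window fills; the 50/8h threshold catches slow, spread-out attempts that never reach ten in any 30-second span.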