[module]
desc = Logins
exec = /usr/share/epylog/modules/logins_mod.py
files = /var/log/messages[.#], /var/log/secure[.#]
enabled = yes
internal = yes
outhtml = yes
priority = 0

[conf]
##
# Only enable things useful for your configuration to speed things
# up. The more stuff you enable, the slower matching will be.
#
enable_pam = 1
enable_xinetd = 1
enable_sshd = 1
enable_uw_imap = 0
enable_dovecot = 0
enable_courier = 0
enable_imp = 0
enable_proftpd = 0
##
# This is a fun setting. You can list domains that are "safe" here.
# E.g. if your org's domain is example.com and you generally don't 
# expect logins from hosts in example.com domain to be suspicious, you
# can add "example.com$" as a safe domain. This way anyone logging in from
# a remote host not matching *.example.com will be flagged in red and the
# full hostname of the connecting machine will be printed in the report.
# List multiple values separated by comma.
# E.g.: safe_domains = example.com$, foo.edu$
# The default is .*, meaning all domains are considered safe. To turn
# this off specify something like:
# safe_domains = !.*
safe_domains = .*
##
# If you have too many systems, wide-scale probing may turn ugly. This
# will collapse the reports.
systems_collapse = 10