Hello gurus!
I am trying to set USERDEF_FAILED_ENTRY_REGEX to match my proftpd log
entries.
Of course I tried those in kodos, and yes, they match and get the grouping,
but no, they did not work on denyhosts.
my log lines looks like:
Sep 3 21:48:26 server proftpd[7737]: server.domain.com (203.160.247.33[
203.160.247.33]) - no such user 'Admin'
Sep 3 21:48:26 server proftpd[7737]: server.domain.com (203.160.247.33[
203.160.247.33]) - USER Admin: no such user found from 203.160.247.33
[203.160.247.33]
to 10.1.1.1:21
I tried so far:
USERDEF_FAILED_ENTRY_REGEX=.*proftpd.*\(.*\[(?P<host>.*)\]\) -
(?P<invalid>(?P<message>no such user '(?P<user>.*)'))
.*proftpd.*\(.*\[(?P<host>.*)\]\) - (?P<message>no such user '(?P<user>.*)')
.*proftpd.*\(.*\[(?P<host>.*)\]\) - no such user '(?P<user>.*)'
What may I be missing?
Thank for your time and advice,
Felipe
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
