Hayden, Robert wrote: > Is there one for PoroFTPD?
I use on Solaris (the log may be a little different): USERDEF_FAILED_ENTRY_REGEX=.* proftpd\[\d+\]:.*\[(?P<host>\S+)\].* USER (?P<user>\S+): .*(Authentication failed|no such user) .* The log on Solaris looks like this: Sep 6 22:01:41 legosoft proftpd[298]: www.mydomain.com (218.94.68.8[218.94.68.8]) - USER oracle: no such user found from 218.94.68.8 [218.94.68.8] to 192.168.20.240:21 Sep 6 22:01:42 legosoft proftpd[298]: www.mydomain.com (218.94.68.8[218.94.68.8]) - no such user 'oracle' Which is similar, but not the same, from what I get in Windows: 09-11-07 16:53:07 proftpd: [authpriv.notice] black.cactus-soft.dyndns.org (localhost[127.0.0.1]) - USER anonymous: no such user found from localhost [127.0.0.1] to 127.0.0.1:21 09-11-07 16:53:07 proftpd: [authpriv.info] black.cactus-soft.dyndns.org (localhost[127.0.0.1]) - FTP session closed. For this last case I would use (deleting the part that matches square brackets after the deamon name): USERDEF_FAILED_ENTRY_REGEX=.* proftpd.*\[(?P<host>\S+)\].* USER (?P<user>\S+): .*(Authentication failed|no such user) .* -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
