On Saturday 19 Apr 2008, René Berber wrote:
> > Ok, I understand, by the time the second rule is applied, the proftpd
> > header has been stripped off. After some experimentation, I ended up
> > with:
> >
> > SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|proftpd.* \- )(?P<message>.*)
> >
> > USERDEF_FAILED_ENTRY_REGEX=USER
> > (?P<user>.*):.*\[(::ffff:)?(?P<host>\S+)\]
> >
> > which seems to work fine. :)
>
> One problem with the above, you changed the sshd part, which will affect
> the built-in regexes: you stripped the space before the "message". I
> have not tested but it seems like looking for trouble.
>
> SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|proftpd.*:) (?P<message>.*)
>
> works fine with your other change. Or using something close to your
> change:
>
> SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|proftpd.* -) (?P<message>.*)
>
> i.e. just leave the space before the capture of the message.
Not sure it makes any difference but I restored the space anyway!
Cheers
-Robin.
--
----------------------------------------------------------------------
Robin Atwood.
"Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling
----------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
