Hi, are 'USERDEF_FAILED_ENTRY_REGEX' supposed to check every log line or only those that already matched 'sshd_format_regex'?
I want to detect failed FTP logins (for various daemons) too, so I added these: # proftpd USERDEF_FAILED_ENTRY_REGEX=.* proftpd.*\[(?P<host>.*)\]\) - USER (?P<user>.*) \(.*failed\).* USERDEF_FAILED_ENTRY_REGEX=.* proftpd.*\[(?P<host>.*)\]\) - USER (?P<invalid>.*): no such user. # vsftpd USERDEF_FAILED_ENTRY_REGEX=.* vsftpd: .*\[(?P<user>.*)\] FAIL LOGIN: Client "(?P<host>.*)" I checked those with Kodos and they all work, but they don't work in DenyHosts... My guess is I'd have to change the 'sshd_format_regex' to something like: .* (sshd.*:|\[sshd\]|proftpd\[\d+\]:|vsftpd:) (?P<message>.*) to make it work... Best regards, Danilo
<<attachment: danilo_godec.vcf>>
------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
