From b623bef3ffb31a976d204ab97e18bbc3b9a39aa9 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Sun, 18 Jan 2009 10:18:21 -0500 Subject: [PATCH] BF: addressing added bang to ssh log (closes: #512193) --- config/filter.d/sshd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf index 6e416d5f..052a6ddd 100644 --- a/config/filter.d/sshd.conf +++ b/config/filter.d/sshd.conf @@ -31,7 +31,7 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* fro ^%(__prefix_line)sUser \S+ from not allowed because not listed in AllowUsers$ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=(?:\s+user=.*)?\s*$ ^%(__prefix_line)srefused connect from \S+ \(\)\s*$ - ^%(__prefix_line)sAddress .* POSSIBLE BREAK-IN ATTEMPT\s*$ + ^%(__prefix_line)sAddress .* POSSIBLE BREAK-IN ATTEMPT!*\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored.