ENH: filter.d/sogo-auth - anchor regex at start

2013-10-05 19:27:07 +10:00 · 2013-10-05 19:27:07 +10:00 · 13bcc9aa84
parent dd10eaa5c0
commit 13bcc9aa84
2 changed files with 2 additions and 1 deletions
--- a/1
+++ b/1
@ -79,6 +79,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
   * filter.d/pam-generic - added syslog prefix. Disabled support for
     linux-pam before version 0.99.2.0 (2005)
   * filter.d/gssftpd - anchored regex at start
+   * filter.d/sogo-auth - anchor regex at start
   * filter.d/mysqld-auth.conf - mysql can use syslog
   * fail2ban-regex - now generates http://www.debuggex.com urls for debugging
 	 	 regular expressions with the -D parameter.
--- a/config/filter.d/sogo-auth.conf
+++ b/config/filter.d/sogo-auth.conf
@ -11,7 +11,7 @@
 # Note: the error log may contain multiple hosts, whereas the first one 
 # is the client and all others are poxys. We match the first one, only

-failregex = Login from '<HOST>' for user '.*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$
+failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>' for user '.*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$

 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.