ENH: Improve xinetd-fail regex and add sample logs

2013-07-21 15:44:09 +01:00 · 2013-07-21 15:44:09 +01:00 · 4033857f63
parent b5ffbced37
commit 4033857f63
2 changed files with 15 additions and 2 deletions
--- a/config/filter.d/xinetd-fail.conf
+++ b/config/filter.d/xinetd-fail.conf
@ -4,8 +4,17 @@
 #
 #

+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
 [Definition]

+_daemon = xinetd
+
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
@ -19,8 +28,8 @@
 # load => xinetd: max_load (temporary problem)
 #

-failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=<HOST>$
-            xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=<HOST>$
+failregex = ^%(__prefix_line)sFAIL: \S+ address from=<HOST>$
+            ^%(__prefix_line)sFAIL: \S+ libwrap from=<HOST>$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/testcases/files/logs/xinetd-fail
+++ b/testcases/files/logs/xinetd-fail
@ -0,0 +1,4 @@
+# failJSON: { "time": "2005-05-15T17:38:49", "match": true , "host": "198.51.100.169" }
+May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=198.51.100.169
+# failJSON: { "time": "2005-08-03T14:38:49", "match": true , "host": "198.51.100.223" }
+Aug  3 14:38:49 backup xinetd[31234]: FAIL: amanda libwrap from=198.51.100.223