From 65d473fc8e3edea0419e061d88dac5586d9c223e Mon Sep 17 00:00:00 2001
From: Lucian Maly <lucian@redhat.com>
Date: Tue, 4 Mar 2025 11:43:38 +1100
Subject: [PATCH] Added regex for systemd-journal matches of vsftpd

---
 config/filter.d/vsftpd.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index 2ecc44d3..53b1f4b3 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -15,8 +15,9 @@ _daemon =  vsftpd
 
 failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
             ^ \[pid \d+\] \[[^\]]+\] FAIL LOGIN: Client "<HOST>"(?:\s*$|,)
+            ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]) vsftpd\[\d+\]: \[[^\]]+\] FAIL LOGIN: Client "<HOST>"(?:\s*$|,)
 
-ignoreregex = 
+ignoreregex =
 
 # Author: Cyril Jaquier
 # Documentation from fail2ban wiki