DOC: resolve ChangeLog conflicts

pull/365/merge
Daniel Black 11 years ago
commit 8c2a5612ed

@ -72,6 +72,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
* filter.d/pam-generic - added syslog prefix. Disabled support for * filter.d/pam-generic - added syslog prefix. Disabled support for
linux-pam before version 0.99.2.0 (2005) linux-pam before version 0.99.2.0 (2005)
* filter.d/gssftpd - anchored regex at start * filter.d/gssftpd - anchored regex at start
* filter.d/mysqld-auth.conf - mysql can use syslog
Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий
* filter.d/exim.conf -- regex hardening and extra failure examples in * filter.d/exim.conf -- regex hardening and extra failure examples in
sample logs sample logs

@ -13,7 +13,7 @@ before = common.conf
[Definition] [Definition]
#_daemon = mysqld _daemon = mysqld
# Option: failregex # Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The # Notes.: regex to match the password failures messages in the logfile. The
@ -22,7 +22,8 @@ before = common.conf
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT # Values: TEXT
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES) # 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
failregex = Access denied for user '\w+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$ #
failregex = ^%(__prefix_line)s(\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[Warning\] Access denied for user '\w+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$
# Option: ignoreregex # Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored. # Notes.: regex to ignore. If this regex matches, the line is ignored.

@ -10,3 +10,8 @@
130324 19:01:39 [Warning] Access denied for user 'root'@'61.147.108.35' (using password: NO) 130324 19:01:39 [Warning] Access denied for user 'root'@'61.147.108.35' (using password: NO)
# failJSON: { "time": "2013-03-24T19:01:40", "match": true , "host": "61.147.108.35" } # failJSON: { "time": "2013-03-24T19:01:40", "match": true , "host": "61.147.108.35" }
130324 19:01:40 [Warning] Access denied for user 'root'@'61.147.108.35' (using password: YES) 130324 19:01:40 [Warning] Access denied for user 'root'@'61.147.108.35' (using password: YES)
# failJSON: { "time": "2004-09-16T21:30:26", "match": true , "host": "74.207.241.159" }
Sep 16 21:30:26 catinthehat mysqld: 130916 21:30:26 [Warning] Access denied for user 'hacker'@'74.207.241.159' (using password: YES)
# failJSON: { "time": "2004-09-16T21:30:32", "match": true , "host": "74.207.241.159" }
Sep 16 21:30:32 catinthehat mysqld: 130916 21:30:32 [Warning] Access denied for user 'hacker'@'74.207.241.159' (using password: NO)

Loading…
Cancel
Save