|
|
|
|
@ -25,7 +25,7 @@ failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*' failed fo
|
|
|
|
|
^%(__prefix_line)s%(log_prefix)s hacking attempt detected '<HOST>'$ |
|
|
|
|
^%(__prefix_line)s%(log_prefix)s SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$ |
|
|
|
|
^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from <HOST>"$ |
|
|
|
|
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '.*' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$ |
|
|
|
|
^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$ |
|
|
|
|
|
|
|
|
|
# FreePBX (todo: make optional in v.0.10): |
|
|
|
|
# ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )[^:]+: Friendly Scanner from <HOST>$ |
|
|
|
|
|
Yannik Sembritzki
7 years ago
committed by