ENH: Improve wuftpd failregex, drop duplicate pam regex and add sample

For wu-ftpd configured to use pam, the pam filter used be used, as regex
is more robust.
pull/303/merge^2
Steven Hiscocks 2013-07-20 16:34:24 +01:00
parent 57a6c11260
commit ab671b0b1a
2 changed files with 11 additions and 2 deletions

View File

@ -4,14 +4,21 @@
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = wu-ftpd
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
wu-ftpd(?:\[\d+\])?: *failed login from .*\[<HOST>\] *$
failregex = ^%(__prefix_line)sfailed login from \S+ \[<HOST>\]$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.

View File

@ -1,3 +1,5 @@
# This login line is from syslog
# failJSON: { "time": "2004-10-06T09:59:26", "match": true , "host": "202.108.145.173" }
Oct 6 09:59:26 myserver wu-ftpd[18760]: failed login from hj-145-173-a8.bta.net.cn [202.108.145.173]
# failJSON: { "time": "2004-10-11T16:45:07", "match": true , "host": "198.51.100.71" }
Oct 11 16:45:07 ubuntu wu-ftpd[2360]: failed login from example.com [198.51.100.71]