ENH: filter.d/webmin anchor at start and use syslog

ChangeLog

@@ -84,6 +84,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
 	 	 regular expressions with the -D parameter.
    * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
      bug #722970
+   * filter.d/webmin - anchored regex at start
   Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий
    * filter.d/exim.conf -- regex hardening and extra failure examples in
      sample logs

config/filter.d/webmin-auth.conf

@@ -5,23 +5,20 @@
 #
 #
 
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = webmin
+
 [Definition]
 
 # patern :      webmin[15673]: Non-existent login as toto from 86.0.6.217
 #               webmin[29544]: Invalid login as root from 86.0.6.217
 #
-# Option:  failregex
+failregex = ^%(__prefix_line)sNon-existent login as .+ from <HOST>\s*$
-# Notes.:  regex to match the password failure messages in the logfile. The
+            ^%(__prefix_line)sInvalid login as .+ from <HOST>\s*$
-#          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
-# Values:  TEXT
-#
-failregex = webmin.* Non-existent login as .+ from <HOST>\s*$
-            webmin.* Invalid login as .+ from <HOST>\s*$
 
-# Option:  ignoreregex
-# Notes.:  regex to ignore. If this regex matches, the line is ignored.
-# Values:  TEXT
-#
 ignoreregex = 

testcases/files/logs/webmin-auth

@@ -7,3 +7,7 @@ Dec 13 08:15:18 sb1 webmin[25875]: Invalid login as root from 89.2.49.230
 #2 User does not exists
 # failJSON: { "time": "2004-12-12T23:14:19", "match": true , "host": "188.40.105.142" }
 Dec 12 23:14:19 sb1 webmin[22134]: Non-existent login as robert from 188.40.105.142 
+
+# failJSON: { "time": "2004-09-25T10:38:11", "match": true , "host": "14.200.251.155" }
+Sep 25 10:38:11 platypus webmin[27249]: Non-existent login as admin@goodeyedeer.com.au from 14.200.251.155
+