Merge pull request #567 from grooverdan/groupoffice-filter

ENH: add filter groupoffice. Closes gh-566

ChangeLog

@@ -48,6 +48,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
   - exim-spam filter to match spamassassin log entry for option SAdevnull.
     Thanks Ivo Truxa. Closes gh-533
   - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
+  - Added filter.d/groupoffice filter thanks to logs from Merijn Schering.
+    Closes gh-566
   - Added to sshd filter expression for "Received disconnect from <HOST>: 3:
     ...: Auth fail". Thanks Marcel Dopita. Closes gh-289
 

MANIFEST

@@ -59,6 +59,7 @@ testcases/files/logs/assp
 testcases/files/logs/asterisk
 testcases/files/logs/dovecot
 testcases/files/logs/exim
+testcases/files/logs/groupoffice
 testcases/files/logs/suhosin
 testcases/files/logs/mysqld-auth
 testcases/files/logs/named-refused
@@ -181,6 +182,7 @@ config/filter.d/3proxy.conf
 config/filter.d/apache-common.conf
 config/filter.d/exim-common.conf
 config/filter.d/exim-spam.conf
+config/filter.d/groupoffice.conf
 config/filter.d/perdition.conf
 config/filter.d/uwimap-auth.conf
 config/action.d/apf.conf

THANKS

@@ -61,6 +61,7 @@ Markus Hoffmann
 Marvin Rouge
 mEDI
 Мернов Георгий
+Merijn Schering
 Michael C. Haller
 Michael Hanselmann
 Nick Munger

config/filter.d/groupoffice.conf

@@ -0,0 +1,14 @@
+# Fail2Ban filter for Group-Office
+#
+# Enable logging with:
+# $config['info_log']='/home/groupoffice/log/info.log';
+#
+
+[Definition]
+
+failregex = ^\[\]LOGIN FAILED for user: "\S+" from IP: <HOST>$
+
+
+
+# Author: Daniel Black
+

testcases/files/logs/groupoffice

@@ -0,0 +1,4 @@
+# failJSON: { "time": "2014-01-06T10:59:38", "match": true, "host": "127.0.0.1" }
+[2014-01-06 10:59:38]LOGIN FAILED for user: "asdsad" from IP: 127.0.0.1
+# failJSON: { "time": "2014-01-06T10:59:49", "match": false, "host": "127.0.0.1" }
+[2014-01-06 10:59:49]LOGIN SUCCESS for user: "admin" from IP: 127.0.0.1