mirror of https://github.com/fail2ban/fail2ban
simplify fields-group a bit (everything up to 4 chars long but H), so it'll be faster (no multiple branches) as well as would theoretically accept future enhancements of logged fields.
parent
c22a83933b
commit
e605415f61
|
@ -9,8 +9,8 @@ after = exim-common.local
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|
||||||
cleaner = (?: (?:C|Ci|CV|D|DKIM|DN|DS|DT|F|I|K|L|M8S|P|PRDR|PRX|Q|QT|R|RT|S|SNI|ST|T|TFO|U|X)(?:=\S+)?)*
|
_fields_grp = (?: (?!H=)[A-Za-z]{1,4}(?:=\S+)?)*
|
||||||
host_info = %(cleaner)s (?:H=)?(?:[\w.-]+)? ?(?:\(\S+\))? ?\[<ADDR>\](?::\d+)?%(cleaner)s
|
host_info = %(_fields_grp)s (?:H=)?(?:[\w.-]+)? ?(?:\(\S+\))? ?\[<ADDR>\](?::\d+)?%(_fields_grp)s
|
||||||
pid = (?: \[\d+\]| \w+ exim\[\d+\]:)?
|
pid = (?: \[\d+\]| \w+ exim\[\d+\]:)?
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,50 +27,15 @@ pid = (?: \[\d+\]| \w+ exim\[\d+\]:)?
|
||||||
# src/src/host.c:host_and_ident()
|
# src/src/host.c:host_and_ident()
|
||||||
# src/receive.c:add_host_info_for_log()
|
# src/receive.c:add_host_info_for_log()
|
||||||
|
|
||||||
# Cleaner removing all flags but H
|
# Substitution of `_fields_grp` bypasses all flags but H
|
||||||
# Summary of Fields in Log Lines depending on log_selector
|
# Summary of Fields in Log Lines depending on log_selector
|
||||||
# https://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html
|
# https://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html
|
||||||
# at version exim-4.97.1
|
# at version exim-4.97.1
|
||||||
# ---
|
# ---
|
||||||
# A authenticator name (and optional id and sender)
|
|
||||||
# C SMTP confirmation on delivery
|
|
||||||
# Ci connection identifier
|
|
||||||
# command list for “no mail in SMTP session”
|
|
||||||
# CV certificate verification status
|
|
||||||
# D duration of “no mail in SMTP session”
|
|
||||||
# DKIM domain verified in incoming message
|
|
||||||
# DN distinguished name from peer certificate
|
|
||||||
# DS DNSSEC secured lookups
|
|
||||||
# DT on =>, == and ** lines: time taken for, or to attempt, a delivery
|
|
||||||
# F sender address (on delivery lines)
|
|
||||||
# H host name and IP address
|
|
||||||
# I local interface used
|
|
||||||
# id message id (from header) for incoming message
|
|
||||||
# K CHUNKING extension used
|
|
||||||
# L on <= and => lines: PIPELINING extension used
|
|
||||||
# M8S 8BITMIME status for incoming message
|
|
||||||
# P on <= lines: protocol used
|
|
||||||
# on => and ** lines: return path
|
|
||||||
# PRDR PRDR extension used
|
|
||||||
# PRX on <= and => lines: proxy address
|
|
||||||
# Q alternate queue name
|
|
||||||
# QT on => lines: time spent on queue so far
|
|
||||||
# on “Completed” lines: time spent on queue
|
|
||||||
# R on <= lines: reference for local bounce
|
|
||||||
# on => >> ** and == lines: router name
|
|
||||||
# RT on <= lines: time taken for reception
|
|
||||||
# S size of message in bytes
|
|
||||||
# SNI server name indication from TLS client hello
|
|
||||||
# ST shadow transport name
|
|
||||||
# T on <= lines: message subject (topic)
|
|
||||||
# TFO connection took advantage of TCP Fast Open
|
|
||||||
# on => ** and == lines: transport name
|
|
||||||
# U local user or RFC 1413 identity
|
|
||||||
# X TLS cipher suite
|
|
||||||
# ---
|
|
||||||
|
|
||||||
# Authors:
|
# Authors:
|
||||||
# Cyril Jaquier
|
# Cyril Jaquier
|
||||||
# Daniel Black (rewrote with strong regexs)
|
# Daniel Black (rewrote with strong regexs)
|
||||||
|
# Sergey G. Brester aka sebres (optimization, rewrite to prefregex, reviews)
|
||||||
# Martin O'Neal (added additional regexs to detect authentication failures, protocol errors, and drops)
|
# Martin O'Neal (added additional regexs to detect authentication failures, protocol errors, and drops)
|
||||||
# Varlamov Vladimir (host line definition)
|
# Varlamov Vladimir (host line definition)
|
||||||
|
|
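Review bot: The letters-only class in the new `_fields_grp` line of the first hunk no longer covers `M8S`, which the removed `cleaner` alternation listed, because the digit `8` falls outside `[A-Za-z]{1,4}`; a log line that carries `M8S=...` next to the host part would then fail to match `host_info`. If that field can occur on the lines these filters read (not visible on this page), allow digits after the first letter: `_fields_grp = (?: (?!H=)[A-Za-z][A-Za-z0-9]{0,3}(?:=\S+)?)*`. Since the `=value` part is optional and only `H=` is excluded, any bare word of up to four letters is now skipped as well, so more remote-influenced text is tolerated ahead of `[<ADDR>]` than under the allowlist; a regression sample with such words before the bracketed address would pin which address ends up in `<ADDR>`. The second hunk also drops the field table, so a one-line comment such as `# field names are matched generically (1-4 chars), see exim spec ch-log_files` would keep the intent documented.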