diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf index 34e7661d..be560902 100644 --- a/config/filter.d/proftpd.conf +++ b/config/filter.d/proftpd.conf @@ -15,7 +15,7 @@ # Values: TEXT # failregex = \(\S+\[\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+ *$ - \(\S+\[\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\. *$ + \(\S+\[\]\)[: -]+ USER \S+ \(Login failed\): .*$ \(\S+\[\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\. *$ \(\S+\[\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$ diff --git a/config/filter.d/pure-ftpd.conf b/config/filter.d/pure-ftpd.conf index fbbfc2d1..345780dc 100644 --- a/config/filter.d/pure-ftpd.conf +++ b/config/filter.d/pure-ftpd.conf @@ -19,7 +19,7 @@ __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'ut # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT # -failregex = pure-ftpd(?:\[\d+\])?: (.+?@) \[WARNING\] %(__errmsg)s \[.+\]$ +failregex = pure-ftpd(?:\[\d+\])?: \(.+?@\) \[WARNING\] %(__errmsg)s \[.+\]\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff --git a/server/datedetector.py b/server/datedetector.py index fd91a829..a631882e 100644 --- a/server/datedetector.py +++ b/server/datedetector.py @@ -71,6 +71,13 @@ class DateDetector: template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}") template.setPattern("%d/%m/%Y %H:%M:%S") self.__templates.append(template) + # previous one but with year given by 2 digits + # (See http://bugs.debian.org/537610) + template = DateStrptime() + template.setName("Day/Month/Year Hour:Minute:Second") + template.setRegex("\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}") + template.setPattern("%d/%m/%y %H:%M:%S") + self.__templates.append(template) # Apache format [31/Oct/2006:09:22:55 -0000] template = DateStrptime() template.setName("Day/MONTH/Year:Hour:Minute:Second")