From ec4e0dd65b1f2483a3e2413a61442eb544ae8c16 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Fri, 21 May 2021 13:00:24 +0200 Subject: [PATCH] padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name) --- config/filter.d/zoneminder.conf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/config/filter.d/zoneminder.conf b/config/filter.d/zoneminder.conf index b3c0be72..8e8ed432 100644 --- a/config/filter.d/zoneminder.conf +++ b/config/filter.d/zoneminder.conf @@ -6,15 +6,16 @@ before = apache-common.conf [Definition] # patterns: [Mon Mar 28 16:50:49.522240 2016] [:error] [pid 1795] [client 10.1.1.1:50700] WAR [Login denied for user "username1"], referer: https://zoneminder/ -# [Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user test details], referer: https://zm/ -# [Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "john"], referer: https://zm/ +# [Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user test details], referer: https://zm/ +# [Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "john"], referer: https://zm/ # # Option: failregex # Notes.: regex to match the login failure and non-existent user error messages in the logfile. -failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\] - ^%(_apache_error_client)s ERR \[Login denied for user "[^"]*"\] - ^%(_apache_error_client)s ERR \[Could not retrieve user \w* details\] +prefregex = ^%(_apache_error_client)s (?:ERR|WAR) \[(?:Login denied|Could not retrieve).*$ + +failregex = ^\[Login denied for user "[^"]*"\] + ^\[Could not retrieve user \S* ignoreregex =