ENH: sasl - anchor regex at start

pull/378/head
Daniel Black 11 years ago
parent dd10eaa5c0
commit f4c7c8f4b3

@ -80,6 +80,7 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
linux-pam before version 0.99.2.0 (2005) linux-pam before version 0.99.2.0 (2005)
* filter.d/gssftpd - anchored regex at start * filter.d/gssftpd - anchored regex at start
* filter.d/mysqld-auth.conf - mysql can use syslog * filter.d/mysqld-auth.conf - mysql can use syslog
* filter.d/sasl - anchor at start and base on syslog
* fail2ban-regex - now generates http://www.debuggex.com urls for debugging * fail2ban-regex - now generates http://www.debuggex.com urls for debugging
regular expressions with the -D parameter. regular expressions with the -D parameter.
* filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian

@ -4,19 +4,13 @@
# #
# #
[INCLUDES]
before = common.conf
[Definition] [Definition]
# Option: failregex _daemon = postfix/smtpd
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

Loading…
Cancel
Save