Merge pull request #359 from grooverdan/pureftpd

ENH: Pureftpd syslog prefixing and filter achoring
11 years ago · f998e01590
parent ba8183b116 39ca8837eb
commit f998e01590
2 changed files with 7 additions and 3 deletions
--- a/config/filter.d/pure-ftpd.conf
+++ b/config/filter.d/pure-ftpd.conf
@ -4,6 +4,9 @@
 # Modified: Yaroslav Halchenko for pure-ftpd
 #
 #
+[INCLUDES]
+
+before = common.conf

 [Definition]

@ -18,7 +21,10 @@ __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'ut
 #         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
+#
+_daemon = pure-ftpd
+
+failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/testcases/files/logs/pure-ftpd
+++ b/testcases/files/logs/pure-ftpd
@ -1,4 +1,2 @@
 # failJSON: { "time": "2005-01-31T16:54:07", "match": true , "host": "24.79.92.194" }
 Jan 31 16:54:07 desktop pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
-# failJSON: { "time": "2004-11-05T18:54:02", "match": true , "host": "server202181210195.ixlink.net" }
-Nov 5 18:54:02 pure-ftpd: (?@server202181210195.ixlink.net) [WARNING] Authentication failed for user [Administrator]