Merge pull request #359 from grooverdan/pureftpd

ENH: Pureftpd syslog prefixing and filter achoring

config/filter.d/pure-ftpd.conf

@@ -4,6 +4,9 @@
 # Modified: Yaroslav Halchenko for pure-ftpd
 #
 #
+[INCLUDES]
+
+before = common.conf
 
 [Definition]
 
@@ -18,7 +21,10 @@ __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'ut
 #         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
+#
+_daemon = pure-ftpd
+
+failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

testcases/files/logs/pure-ftpd

@@ -1,4 +1,2 @@
 # failJSON: { "time": "2005-01-31T16:54:07", "match": true , "host": "24.79.92.194" }
 Jan 31 16:54:07 desktop pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
-# failJSON: { "time": "2004-11-05T18:54:02", "match": true , "host": "server202181210195.ixlink.net" }
-Nov 5 18:54:02 pure-ftpd: (?@server202181210195.ixlink.net) [WARNING] Authentication failed for user [Administrator]