From 9ce1e333131733fce4015271b0d70336cec5a211 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Tue, 17 Sep 2013 22:24:28 +1000
Subject: [PATCH 1/2] TST: pureftpd - everything I've seen suggests that pureftpd only does syslog - even back to 2004. Not sure how this second example came into existance
---
 testcases/files/logs/pure-ftpd | 2 --
 1 file changed, 2 deletions(-)
diff --git a/testcases/files/logs/pure-ftpd b/testcases/files/logs/pure-ftpd
index ef49b2ff..d77ff217 100644
--- a/testcases/files/logs/pure-ftpd
+++ b/testcases/files/logs/pure-ftpd
@@ -1,4 +1,2 @@
 # failJSON: { "time": "2005-01-31T16:54:07", "match": true , "host": "24.79.92.194" }
 Jan 31 16:54:07 desktop pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator]
-# failJSON: { "time": "2004-11-05T18:54:02", "match": true , "host": "server202181210195.ixlink.net" }
-Nov 5 18:54:02 pure-ftpd: (?@server202181210195.ixlink.net) [WARNING] Authentication failed for user [Administrator]
From 39ca8837eb7523dbc4d2a94ba4bf336e3c3fb433 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Tue, 17 Sep 2013 22:24:56 +1000
Subject: [PATCH 2/2] TST: pureftpd - syslog therefore use syslog prefixes in filter
---
 config/filter.d/pure-ftpd.conf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/config/filter.d/pure-ftpd.conf b/config/filter.d/pure-ftpd.conf
index de46461d..2f910b8a 100644
--- a/config/filter.d/pure-ftpd.conf
+++ b/config/filter.d/pure-ftpd.conf
@@ -4,6 +4,9 @@
 # Modified: Yaroslav Halchenko for pure-ftpd
 #
 #
+[INCLUDES]
+
+before = common.conf
 [Definition]
@@ -18,7 +21,10 @@ __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'ut
 # (?:::f{4,6}:)?(?P[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = pure-ftpd(?:\[\d+\])?: \(.+?@\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
+#
+_daemon = pure-ftpd
+
+failregex = ^%(__prefix_line)s\(.+?@\) \[WARNING\] %(__errmsg)s \[.+\]\s*$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
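Review bot: In the new `failregex`, `\(.+?@` and `\[.+\]` still accept arbitrary characters on a line whose final bracket holds the user name sent by the client, so the `^%(__prefix_line)s` anchor is the only thing tying the host capture to the start of the entry. If pure-ftpd never writes whitespace or `)` in the field before `@` (to be confirmed against its log format), `\([^)\s]+@<HOST>\)` would be narrower than `\(.+?@<HOST>\)`. The host tag is missing from the line as shown on this page (`@\)`), presumably lost in rendering, so check that `<HOST>` is present in the committed file. The old pattern allowed `pure-ftpd[pid]:` explicitly, while the one sample left in testcases/files/logs/pure-ftpd has no PID; a second sample with one would show that `__prefix_line` with `_daemon = pure-ftpd` still covers that form.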