Hi, I investigated all threads about regex and proftpd, but I am going crazy on this, it won't work on my machine. I did the following changes:
OS: CentOS 5.5 /etc/denyhosts/denyhosts.cfg SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|proftpd.*:) (?P<message>.*) USERDEF_FAILED_ENTRY_REGEX=.*USER (?P<user>.*):.* from ::ffff:(?P<host>.*) \[.* Log entries look like this: Jan 22 21:15:48 www proftpd[20397]: 192.168.x.y (::ffff:288.22.132.59[::ffff:188.22.132.59]) - USER ab12312b321: no such user found from ::ffff:288.22.132.59 [::ffff:288.22.132.59] to ::ffff:192.168.y.y:21 The regular expression is matching fine, tested here: http://www.regular-expressions.info/reference.html Any advice is really welcome, Thanks a lot, Thomas
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ Denyhosts-user mailing list Denyhosts-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/denyhosts-user
