On 4/28/2011 7:37 AM, Emmanuelle Morin wrote:
> SSHD_FORMAT_REGEX=.* \[Sender sshd\] \[PID \d*\] \[Message .* PAM:
> (?P<message>.*?)\].*?
That is the problem.
I don't know how the log looks like in your Mac OSX version, but the
question mark inside the message capture doesn't go there.
It looks like you are trying to match very closely what you saw on the
log, that is not needed, just match the beginning:
SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|\[Sender sshd\]) (?P<message>.*)
Then see if the included regexes match the messages, if not, write your
own USERDEF_FAILED_ENTRY_REGEX. From a previous message to this list, it
could be something like:
USERDEF_FAILED_ENTRY_REGEX=authentication error for (?P<user>.*) .*from
(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
--
René Berber
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
