On 4/28/2011 12:20 PM, Emmanuelle Morin wrote: > Here is my secure.log : > > Apr 28 11:44:03 server1 sshd[34360]: Invalid user klement from 38.96.175.129 > Apr 28 11:44:04 server1 sshd[34362]: Invalid user zumlot from 38.96.175.129
So your original SSHD_FORMAT_REGEX was wrong. Let me guess, you copied it from the DH Web site... > I have tried the following regex : .*sshd\[.*\]: Invalid user (.*) Where? How? Looks wrong, don't waste your time trying things at random. First understand what you are doing: DenyHosts works in two steps, first it looks for a match on SSHD_FORMAT_REGEX, when it has a match it captures the rest of the message and tries to match that with its own hard-coded regexes plus the user defined regex. > it doesn't change anything ! > > Do I have to put something on the SSHD_FORMAT_REGEX ? Only if you changed it (comment out your change, let the default work). Otherwise no. > Can you give me an example of a line DenyHosts will complain on ? What for? Your log looks like any other normal log, DenyHost own (2nd of 7) regex will match. It looks to me that the only thing you needed to change, in denyhosts.cfg, was the log file in SECURE_LOG. Anything else, and it probably caused DH to fail. Also don't expect DH to go backwards in time, it will not detect what has been going on in the past, unless you use the parameter to ignore state. -- René Berber ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Denyhosts-user mailing list Denyhosts-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/denyhosts-user
