Hi,
the best is probably to implement a custom reporting filter that fits your needs.

http://man.openbsd.org/man7/smtpd-filters.7

> Hi,
> I would like to use crowdsec to evaluate my mail logs. My current idea is to
> block all users that try to login on port 25
> ```
> smtp connected address=43.zzz.yy.xx host=<unknown>
> smtp failed-command command="AUTH LOGIN" result="503 5.5.1 Invalid command: Command not supported"
> ```
> So the trigger is line 2 but the IP address is in line 1.
> Unfortunately there seems to be no way for crowdsec parser to evaluate 2 lines.
> Is there any chance or idea how I could change the logs to include the
> address in line 2?
> Regards
> Hagen Bauer
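
A sketch of the reporting filter suggested in the reply, as an added example that is not part of the original thread or of OpenSMTPD. It assumes the `report|version|timestamp|subsystem|event|session-id|params` line layout described in smtpd-filters(7); the `Correlator` class, the `auth-rejected` record name and the use of stderr for output are choices made for this example.

```python
import sys

EVENTS = ("link-connect", "link-disconnect", "protocol-client", "protocol-server")

def src_ip(src):
    """Drop the port from 'a.b.c.d:port' or '[v6addr]:port'."""
    return src[1:src.index("]")] if src.startswith("[") else src.rsplit(":", 1)[0]

class Correlator:
    def __init__(self):
        self.addr = {}  # session id -> client address seen at link-connect
        self.auth = {}  # session id -> AUTH command awaiting its final reply

    def feed(self, line):
        """Consume one report line; return a one-line record or None."""
        f = line.rstrip("\r\n").split("|", 6)
        if len(f) < 6 or f[0] != "report":
            return None
        event, sid, rest = f[4], f[5], (f[6] if len(f) > 6 else "")
        if event == "link-connect":
            params = rest.split("|")  # rdns|fcrdns|src|dest
            if len(params) >= 3:
                self.addr[sid] = src_ip(params[2])
        elif event == "protocol-client" and rest.upper().startswith("AUTH"):
            # Keep only "AUTH <mechanism>" so an inline credential is never logged.
            self.auth[sid] = " ".join(rest.split()[:2]).upper()
        elif event == "protocol-server" and sid in self.auth and rest[:3] != "334":
            cmd = self.auth.pop(sid)  # 334 is a challenge: exchange not finished
            if rest[:1] in ("4", "5"):
                addr = self.addr.get(sid, "unknown")
                return f'smtp auth-rejected address={addr} command="{cmd}" result="{rest}"'
        elif event == "link-disconnect":
            self.addr.pop(sid, None)
            self.auth.pop(sid, None)
        return None

def main():
    while sys.stdin.readline().strip() not in ("config|ready", ""):
        pass  # handshake: skip smtpd's config lines
    for ev in EVENTS:
        print("register|report|smtp-in|" + ev)
    print("register|ready", flush=True)
    c = Correlator()
    for line in sys.stdin:
        rec = c.feed(line)
        if rec:  # assumption: smtpd relays a filter's stderr into its log
            print(rec, file=sys.stderr, flush=True)

if __name__ == "__main__":
    main()
```

Each rejected AUTH attempt then produces one line carrying both the address and the server result, which a single-line crowdsec parser can match. The script is attached with a `filter ... proc-exec` definition in smtpd.conf and the `filter` option on the port 25 listener.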