Frédéric Brière
2008-Jan-24 07:52 UTC
[Logcheck-devel] [PATCH] Added "FTP login|session timed out" rule
Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/proftpd | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/proftpd
b/rulefiles/linux/ignore.d.server/proftpd
index 98d28bb..f7b9d3b 100644
--- a/rulefiles/linux/ignore.d.server/proftpd
+++ b/rulefiles/linux/ignore.d.server/proftpd
@@ -6,7 +6,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) mod_delay/[0-9]\.[0-9]: delaying
for [0-9]+ usecs$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) ANON (anonymous|ftp): Login
successful.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) mod_delay/[0-9.]+: delaying for
[0-9]+ usecs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) FTP no transfer timeout,
disconnected$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) FTP ((login|session) timed out|no
transfer timeout), disconnected$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) USER [-_.[:alnum:]]+: no such user
found from [.:_[:alnum:]-]+ \[[.:[:xdigit:]]+\] to
[.:[:xdigit:]]+:[[:digit:]]{2,5}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) Maximum login attempts
\([[:digit:]]+\) exceeded$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]:? [._[:alnum:]-]+
\([:._[:alnum:]-]+\[[.:[:xdigit:]]+\]\)(:| -) no such user
'[-_.[:alnum:]]+'$
--
1.5.3.8