File tree 2 files changed +22
-4
lines changed
2 files changed +22
-4
lines changed Original file line number Diff line number Diff line change 44#
55#
66
7+ [INCLUDES]
8+
9+ # Read common prefixes. If any customizations available -- read them from
10+ # common.local
11+ before = common.conf
12+
13+
714[Definition]
815
16+ _daemon = (?:cyrus/)?(?:imapd?|pop3d?)
17+
918# Option: failregex
1019# Notes.: regex to match the password failures messages in the logfile. The
1120# host must be matched by a group named "host". The tag "<HOST>" can
1221# be used for standard IP/hostname matching and is only an alias for
1322# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
1423# Values: TEXT
1524#
16- failregex = : badlogin: .*\[<HOST>\] plaintext .*SASL\(-13\): authentication failure: checkpass failed$
17- : badlogin: .*\[<HOST>\] LOGIN \[SASL\(-13\): authentication failure: checkpass failed\]$
18- : badlogin: .*\[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): authentication failure: incorrect (?:digest|NTLM) response\]$
19- : badlogin: .*\[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication failure: client response doesn't match what we generated\]$
25+ failregex = ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] (?:plaintext|LOGIN) .* \[?SASL\(-13\): authentication failure: checkpass failed\]?$
26+ ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): authentication failure: incorrect (?:digest|NTLM) response\]$
27+ ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication failure: client response doesn't match what we generated\]$
2028
2129# Option: ignoreregex
2230# Notes.: regex to ignore. If this regex matches, the line is ignored.
Original file line number Diff line number Diff line change 1+ # failJSON: { "time": "2005-01-04T21:51:05", "match": true , "host": "127.0.0.1" }
2+ Jan 4 21:51:05 hostname cyrus/imap[5355]: badlogin: localhost.localdomain [127.0.0.1] plaintext cyrus@localdomain SASL(-13): authentication failure: checkpass failed
3+ # failJSON: { "time": "2005-02-20T17:23:32", "match": true , "host": "198.51.100.23" }
4+ Feb 20 17:23:32 domain cyrus/pop3[18635]: badlogin: localhost [198.51.100.23] plaintext administrator SASL(-13): authentication failure: checkpass failed
5+ # failJSON: { "time": "2005-02-20T17:23:32", "match": true , "host": "1.2.3.4" }
6+ Feb 20 17:23:32 cyrus/pop3[4297]: badlogin: example.com [1.2.3.4] plaintext mail0001 SASL(-13): authentication failure: checkpass failed
7+ # failJSON: { "time": "2005-06-08T18:11:13", "match": true , "host": "198.51.100.45" }
8+ Jun 8 18:11:13 lampserver imap[4480]: badlogin: example.com [198.51.100.45] DIGEST-MD5 [SASL(-13): authentication failure: client response doesn't match what we generated]
9+ # failJSON: { "time": "2004-12-21T10:01:57", "match": true , "host": "198.51.100.57" }
10+ Dec 21 10:01:57 hostname imapd[18454]: badlogin: example.com [198.51.100.57] CRAM-MD5 [SASL(-13): authentication failure: incorrect digest response]
You can’t perform that action at this time.
0 commit comments