23 lines
722 B
Plaintext
23 lines
722 B
Plaintext
# Fail2ban filter for SOGo authentcation
|
|
#
|
|
# Log file usually in /var/log/sogo/sogo.log
|
|
|
|
[Definition]
|
|
|
|
failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '<HOST>(?:,[^']*)?' for user '[^']*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$
|
|
|
|
ignoreregex = "^<ADDR>"
|
|
|
|
datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
|
|
{^LN-BEG}(?:%%a )?%%b %%d %%H:%%M:%%S(?:\.%%f)?(?: %%ExY)?
|
|
^[^\[]*\[({DATE})
|
|
{^LN-BEG}
|
|
|
|
#
|
|
# DEV Notes:
|
|
#
|
|
# The error log may contain multiple hosts, whereas the first one
|
|
# is the client and all others are poxys. We match the first one, only
|
|
#
|
|
# Author: Arnd Brandes
|