Fail2ban + sasl problem and Solution

Discussion in 'General' started by pititis, Feb 9, 2011.

  1. pititis

    pititis Member

    Today I got a brute force attack. Login failures are not detected by fail2ban. (I'm using Ubuntu server 10.04.2 LTS )

    Here is my sasl section in fail2ban

    Code:
    [sasl]
    enabled = true
    port = smtp
    filter = sasl
    logpath = /var/log/mail.log
    maxretry = 5
    
    
    here my /etc/fail2ban/filter.d/sasl.conf

    Code:
    
    # Fail2Ban configuration file
    #
    # Author: Yaroslav Halchenko
    #
    # $Revision: 728 $
    #
    
    [Definition]
    
    # Option: failregex
    # Notes.: regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    # Values: TEXT
    #
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex = 
    
    
    
    /var/log/mail.log

    Code:
    Feb  9 14:28:33 server postfix/smtpd[4858]: connect from unknown[196.214.48.249]
    Feb  9 14:28:38 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:28:38 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:28:41 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:28:41 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:28:52 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:28:52 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:28:56 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:28:56 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:28:58 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:28:58 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:02 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:02 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:05 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:05 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:08 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:08 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:14 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:14 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:18 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:18 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:25 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:25 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:32 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:32 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:40 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:40 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:48 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    Feb  9 14:29:48 server postfix/smtpd[4858]: warning: unknown[196.214.48.249]: SASL LOGIN authentication failed: generic failure
    Feb  9 14:29:56 server postfix/smtpd[4858]: warning: SASL authentication failure: All-whitespace username.
    .
    .
    .
    
    Testing config with fail2ban-regex

    Code:
    
    root@server /var/log # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf 
    
    Running tests
    =============
    
    Use regex file : /etc/fail2ban/filter.d/sasl.conf
    Use log file   : /var/log/mail.log
    
    
    Results
    =======
    
    Failregex
    |- Regular expressions:
    |  [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
    |
    `- Number of matches:
       [1] 0 match(es)
    
    Ignoreregex
    |- Regular expressions:
    |
    `- Number of matches:
    
    Summary
    =======
    
    Sorry, no match
    
    Look at the above section 'Running tests' which could contain important
    information.
    
    
    Then I did a simple change in /etc/fail2ban/filter.d/sasl.conf:

    This file contain
    Code:
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
    
    I change this line for
    Code:
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w
    
    
    ...then restart fail2ban:

    Code:
    /etc/init.d/fail2ban restart
    
    ...and test the new config

    Code:
    root@server /var/log # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf 
    
    Running tests
    =============
    
    Use regex file : /etc/fail2ban/filter.d/sasl.conf
    Use log file   : /var/log/mail.log
    
    
    Results
    =======
    
    Failregex
    |- Regular expressions:
    |  [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed: \w
    |
    `- Number of matches:
       [1] 286 match(es)
    
    Ignoreregex
    |- Regular expressions:
    |
    `- Number of matches:
    
    Summary
    =======
    
    Addresses found:
    [1]
        196.214.48.249 (Wed Feb 09 14:28:38 2011)
        196.214.48.249 (Wed Feb 09 14:28:41 2011)
        196.214.48.249 (Wed Feb 09 14:28:52 2011)
        196.214.48.249 (Wed Feb 09 14:28:56 2011)
        196.214.48.249 (Wed Feb 09 14:28:58 2011)
        196.214.48.249 (Wed Feb 09 14:29:02 2011)
        196.214.48.249 (Wed Feb 09 14:29:05 2011)
        196.214.48.249 (Wed Feb 09 14:29:08 2011)
        196.214.48.249 (Wed Feb 09 14:29:14 2011)
        196.214.48.249 (Wed Feb 09 14:29:18 2011)
        196.214.48.249 (Wed Feb 09 14:29:25 2011)
        196.214.48.249 (Wed Feb 09 14:29:32 2011)
        196.214.48.249 (Wed Feb 09 14:29:40 2011)
        196.214.48.249 (Wed Feb 09 14:29:48 2011)
        196.214.48.249 (Wed Feb 09 14:29:56 2011)
        196.214.48.249 (Wed Feb 09 14:30:10 2011)
        196.214.48.249 (Wed Feb 09 14:30:16 2011)
        196.214.48.249 (Wed Feb 09 14:30:25 2011)
        196.214.48.249 (Wed Feb 09 14:30:50 2011)
        196.214.48.249 (Wed Feb 09 14:30:56 2011)
        196.214.48.249 (Wed Feb 09 14:31:03 2011)
        196.214.48.249 (Wed Feb 09 14:31:06 2011)
        196.214.48.249 (Wed Feb 09 14:31:17 2011)
        196.214.48.249 (Wed Feb 09 14:31:26 2011)
        196.214.48.249 (Wed Feb 09 14:31:36 2011)
        196.214.48.249 (Wed Feb 09 14:31:39 2011)
        196.214.48.249 (Wed Feb 09 14:31:42 2011)
        196.214.48.249 (Wed Feb 09 14:31:47 2011)
        196.214.48.249 (Wed Feb 09 14:31:52 2011)
        196.214.48.249 (Wed Feb 09 14:31:57 2011)
        196.214.48.249 (Wed Feb 09 14:32:04 2011)
        196.214.48.249 (Wed Feb 09 14:32:11 2011)
        196.214.48.249 (Wed Feb 09 14:32:27 2011)
        196.214.48.249 (Wed Feb 09 14:32:34 2011)
        196.214.48.249 (Wed Feb 09 14:32:42 2011)
        196.214.48.249 (Wed Feb 09 14:32:50 2011)
        196.214.48.249 (Wed Feb 09 14:33:00 2011)
        196.214.48.249 (Wed Feb 09 14:33:11 2011)
        196.214.48.249 (Wed Feb 09 14:33:18 2011)
        196.214.48.249 (Wed Feb 09 14:33:26 2011)
        196.214.48.249 (Wed Feb 09 14:33:36 2011)
        196.214.48.249 (Wed Feb 09 14:33:39 2011)
        196.214.48.249 (Wed Feb 09 14:33:42 2011)
        196.214.48.249 (Wed Feb 09 14:33:46 2011)
        196.214.48.249 (Wed Feb 09 14:33:51 2011)
        196.214.48.249 (Wed Feb 09 14:33:54 2011)
        196.214.48.249 (Wed Feb 09 14:33:58 2011)
        196.214.48.249 (Wed Feb 09 14:34:02 2011)
        196.214.48.249 (Wed Feb 09 14:34:05 2011)
        196.214.48.249 (Wed Feb 09 14:34:09 2011)
        196.214.48.249 (Wed Feb 09 14:34:15 2011)
        196.214.48.249 (Wed Feb 09 14:34:22 2011)
        196.214.48.249 (Wed Feb 09 14:34:33 2011)
        196.214.48.249 (Wed Feb 09 14:34:41 2011)
        196.214.48.249 (Wed Feb 09 14:34:49 2011)
        196.214.48.249 (Wed Feb 09 14:34:59 2011)
        196.214.48.249 (Wed Feb 09 14:35:06 2011)
        196.214.48.249 (Wed Feb 09 14:35:18 2011)
        196.214.48.249 (Wed Feb 09 14:35:25 2011)
        196.214.48.249 (Wed Feb 09 14:35:32 2011)
        196.214.48.249 (Wed Feb 09 14:35:47 2011)
        196.214.48.249 (Wed Feb 09 14:35:58 2011)
        196.214.48.249 (Wed Feb 09 14:36:26 2011)
        196.214.48.249 (Wed Feb 09 14:36:51 2011)
        196.214.48.249 (Wed Feb 09 14:36:54 2011)
        196.214.48.249 (Wed Feb 09 14:36:57 2011)
        196.214.48.249 (Wed Feb 09 14:37:03 2011)
        196.214.48.249 (Wed Feb 09 14:37:10 2011)
        196.214.48.249 (Wed Feb 09 14:37:14 2011)
        196.214.48.249 (Wed Feb 09 14:37:18 2011)
        196.214.48.249 (Wed Feb 09 14:37:26 2011)
        196.214.48.249 (Wed Feb 09 14:37:35 2011)
        196.214.48.249 (Wed Feb 09 14:37:42 2011)
        196.214.48.249 (Wed Feb 09 14:37:50 2011)
        196.214.48.249 (Wed Feb 09 14:38:00 2011)
        196.214.48.249 (Wed Feb 09 14:38:09 2011)
        196.214.48.249 (Wed Feb 09 14:38:15 2011)
        196.214.48.249 (Wed Feb 09 14:38:29 2011)
        196.214.48.249 (Wed Feb 09 14:38:37 2011)
        196.214.48.249 (Wed Feb 09 14:38:46 2011)
        196.214.48.249 (Wed Feb 09 14:38:55 2011)
        196.214.48.249 (Wed Feb 09 14:38:59 2011)
        196.214.48.249 (Wed Feb 09 14:39:08 2011)
        196.214.48.249 (Wed Feb 09 14:39:14 2011)
        196.214.48.249 (Wed Feb 09 14:39:18 2011)
        196.214.48.249 (Wed Feb 09 14:39:21 2011)
        196.214.48.249 (Wed Feb 09 14:39:24 2011)
        196.214.48.249 (Wed Feb 09 14:39:26 2011)
        196.214.48.249 (Wed Feb 09 14:39:29 2011)
        196.214.48.249 (Wed Feb 09 14:39:36 2011)
        196.214.48.249 (Wed Feb 09 14:39:42 2011)
        196.214.48.249 (Wed Feb 09 14:39:51 2011)
        196.214.48.249 (Wed Feb 09 14:39:58 2011)
        196.214.48.249 (Wed Feb 09 14:40:05 2011)
        196.214.48.249 (Wed Feb 09 14:40:13 2011)
        196.214.48.249 (Wed Feb 09 14:40:21 2011)
        196.214.48.249 (Wed Feb 09 14:40:29 2011)
        196.214.48.249 (Wed Feb 09 14:40:36 2011)
        196.214.48.249 (Wed Feb 09 14:40:44 2011)
        196.214.48.249 (Wed Feb 09 14:40:54 2011)
        196.214.48.249 (Wed Feb 09 14:41:04 2011)
        196.214.48.249 (Wed Feb 09 14:41:07 2011)
        196.214.48.249 (Wed Feb 09 14:41:10 2011)
        196.214.48.249 (Wed Feb 09 14:41:13 2011)
        196.214.48.249 (Wed Feb 09 14:41:18 2011)
        196.214.48.249 (Wed Feb 09 14:41:24 2011)
        196.214.48.249 (Wed Feb 09 14:41:28 2011)
        196.214.48.249 (Wed Feb 09 14:41:32 2011)
        196.214.48.249 (Wed Feb 09 14:41:38 2011)
        196.214.48.249 (Wed Feb 09 14:41:49 2011)
        196.214.48.249 (Wed Feb 09 14:42:04 2011)
        196.214.48.249 (Wed Feb 09 14:42:15 2011)
        196.214.48.249 (Wed Feb 09 14:42:22 2011)
        196.214.48.249 (Wed Feb 09 14:42:30 2011)
        196.214.48.249 (Wed Feb 09 14:42:38 2011)
        196.214.48.249 (Wed Feb 09 14:42:47 2011)
        196.214.48.249 (Wed Feb 09 14:42:55 2011)
        196.214.48.249 (Wed Feb 09 14:43:02 2011)
        196.214.48.249 (Wed Feb 09 14:43:09 2011)
        196.214.48.249 (Wed Feb 09 14:43:16 2011)
        196.214.48.249 (Wed Feb 09 14:43:24 2011)
        196.214.48.249 (Wed Feb 09 14:43:28 2011)
        196.214.48.249 (Wed Feb 09 14:43:33 2011)
        196.214.48.249 (Wed Feb 09 14:43:39 2011)
        196.214.48.249 (Wed Feb 09 14:43:42 2011)
        196.214.48.249 (Wed Feb 09 14:43:45 2011)
        196.214.48.249 (Wed Feb 09 14:43:48 2011)
        196.214.48.249 (Wed Feb 09 14:43:51 2011)
        196.214.48.249 (Wed Feb 09 14:43:56 2011)
        196.214.48.249 (Wed Feb 09 14:44:01 2011)
        196.214.48.249 (Wed Feb 09 14:44:12 2011)
        196.214.48.249 (Wed Feb 09 14:44:18 2011)
        196.214.48.249 (Wed Feb 09 14:44:26 2011)
        196.214.48.249 (Wed Feb 09 14:44:35 2011)
        196.214.48.249 (Wed Feb 09 14:44:42 2011)
        196.214.48.249 (Wed Feb 09 14:44:51 2011)
        196.214.48.249 (Wed Feb 09 14:44:57 2011)
        196.214.48.249 (Wed Feb 09 14:45:05 2011)
        196.214.48.249 (Wed Feb 09 14:45:14 2011)
        196.214.48.249 (Wed Feb 09 14:45:23 2011)
        196.214.48.249 (Wed Feb 09 14:45:32 2011)
        196.214.48.249 (Wed Feb 09 14:45:37 2011)
        196.214.48.249 (Wed Feb 09 14:45:42 2011)
        196.214.48.249 (Wed Feb 09 14:45:45 2011)
        196.214.48.249 (Wed Feb 09 14:45:48 2011)
        196.214.48.249 (Wed Feb 09 14:45:54 2011)
        196.214.48.249 (Wed Feb 09 14:46:01 2011)
        196.214.48.249 (Wed Feb 09 14:46:05 2011)
        196.214.48.249 (Wed Feb 09 14:46:09 2011)
        196.214.48.249 (Wed Feb 09 14:46:20 2011)
        196.214.48.249 (Wed Feb 09 14:46:26 2011)
        196.214.48.249 (Wed Feb 09 14:46:33 2011)
        196.214.48.249 (Wed Feb 09 14:46:41 2011)
        196.214.48.249 (Wed Feb 09 14:46:50 2011)
        196.214.48.249 (Wed Feb 09 14:46:58 2011)
        196.214.48.249 (Wed Feb 09 14:47:06 2011)
        196.214.48.249 (Wed Feb 09 14:47:16 2011)
        196.214.48.249 (Wed Feb 09 14:47:22 2011)
        196.214.48.249 (Wed Feb 09 14:47:30 2011)
        196.214.48.249 (Wed Feb 09 14:47:38 2011)
        196.214.48.249 (Wed Feb 09 14:47:44 2011)
        196.214.48.249 (Wed Feb 09 14:47:47 2011)
        196.214.48.249 (Wed Feb 09 14:47:51 2011)
        196.214.48.249 (Wed Feb 09 14:47:54 2011)
        196.214.48.249 (Wed Feb 09 14:47:58 2011)
        196.214.48.249 (Wed Feb 09 14:48:00 2011)
        196.214.48.249 (Wed Feb 09 14:48:03 2011)
        196.214.48.249 (Wed Feb 09 14:48:07 2011)
        196.214.48.249 (Wed Feb 09 14:48:10 2011)
        196.214.48.249 (Wed Feb 09 14:48:13 2011)
        196.214.48.249 (Wed Feb 09 14:48:20 2011)
        196.214.48.249 (Wed Feb 09 14:48:28 2011)
        196.214.48.249 (Wed Feb 09 14:48:34 2011)
        196.214.48.249 (Wed Feb 09 14:48:42 2011)
        196.214.48.249 (Wed Feb 09 14:48:50 2011)
        196.214.48.249 (Wed Feb 09 14:48:57 2011)
        196.214.48.249 (Wed Feb 09 14:49:04 2011)
        196.214.48.249 (Wed Feb 09 14:49:11 2011)
        196.214.48.249 (Wed Feb 09 14:49:19 2011)
        196.214.48.249 (Wed Feb 09 14:49:26 2011)
        196.214.48.249 (Wed Feb 09 14:49:40 2011)
        196.214.48.249 (Wed Feb 09 14:50:25 2011)
        196.214.48.249 (Wed Feb 09 14:50:27 2011)
        196.214.48.249 (Wed Feb 09 14:50:32 2011)
        196.214.48.249 (Wed Feb 09 14:50:35 2011)
        196.214.48.249 (Wed Feb 09 14:50:40 2011)
        196.214.48.249 (Wed Feb 09 14:50:43 2011)
        196.214.48.249 (Wed Feb 09 14:50:49 2011)
        196.214.48.249 (Wed Feb 09 14:50:52 2011)
        196.214.48.249 (Wed Feb 09 14:50:55 2011)
        196.214.48.249 (Wed Feb 09 14:50:58 2011)
        196.214.48.249 (Wed Feb 09 14:51:01 2011)
        196.214.48.249 (Wed Feb 09 14:51:07 2011)
        196.214.48.249 (Wed Feb 09 14:51:14 2011)
        196.214.48.249 (Wed Feb 09 14:51:21 2011)
        196.214.48.249 (Wed Feb 09 14:51:29 2011)
        196.214.48.249 (Wed Feb 09 14:51:35 2011)
        196.214.48.249 (Wed Feb 09 14:51:43 2011)
        196.214.48.249 (Wed Feb 09 14:51:50 2011)
        196.214.48.249 (Wed Feb 09 14:51:57 2011)
        196.214.48.249 (Wed Feb 09 14:52:04 2011)
        196.214.48.249 (Wed Feb 09 14:52:12 2011)
        196.214.48.249 (Wed Feb 09 14:52:17 2011)
        196.214.48.249 (Wed Feb 09 14:52:22 2011)
        196.214.48.249 (Wed Feb 09 14:52:25 2011)
        196.214.48.249 (Wed Feb 09 14:52:29 2011)
        196.214.48.249 (Wed Feb 09 14:52:34 2011)
        196.214.48.249 (Wed Feb 09 14:52:37 2011)
        196.214.48.249 (Wed Feb 09 14:52:39 2011)
        196.214.48.249 (Wed Feb 09 14:52:43 2011)
        196.214.48.249 (Wed Feb 09 14:52:50 2011)
        196.214.48.249 (Wed Feb 09 14:52:53 2011)
        196.214.48.249 (Wed Feb 09 14:53:00 2011)
        196.214.48.249 (Wed Feb 09 14:53:08 2011)
        196.214.48.249 (Wed Feb 09 14:53:18 2011)
        196.214.48.249 (Wed Feb 09 14:53:25 2011)
        196.214.48.249 (Wed Feb 09 14:53:31 2011)
        196.214.48.249 (Wed Feb 09 14:53:38 2011)
        196.214.48.249 (Wed Feb 09 14:53:50 2011)
        196.214.48.249 (Wed Feb 09 14:53:58 2011)
        196.214.48.249 (Wed Feb 09 14:54:05 2011)
        196.214.48.249 (Wed Feb 09 14:54:15 2011)
        196.214.48.249 (Wed Feb 09 14:54:23 2011)
        196.214.48.249 (Wed Feb 09 14:54:26 2011)
        196.214.48.249 (Wed Feb 09 14:54:31 2011)
        196.214.48.249 (Wed Feb 09 14:54:39 2011)
        196.214.48.249 (Wed Feb 09 14:54:41 2011)
        196.214.48.249 (Wed Feb 09 14:54:45 2011)
        196.214.48.249 (Wed Feb 09 14:54:51 2011)
        196.214.48.249 (Wed Feb 09 14:54:58 2011)
        196.214.48.249 (Wed Feb 09 14:55:00 2011)
        196.214.48.249 (Wed Feb 09 14:55:03 2011)
        196.214.48.249 (Wed Feb 09 14:55:09 2011)
        196.214.48.249 (Wed Feb 09 14:55:16 2011)
        196.214.48.249 (Wed Feb 09 14:55:26 2011)
        196.214.48.249 (Wed Feb 09 14:55:34 2011)
        196.214.48.249 (Wed Feb 09 14:55:41 2011)
        196.214.48.249 (Wed Feb 09 14:55:50 2011)
        196.214.48.249 (Wed Feb 09 14:56:24 2011)
        196.214.48.249 (Wed Feb 09 14:58:33 2011)
        196.214.48.249 (Wed Feb 09 14:58:42 2011)
        196.214.48.249 (Wed Feb 09 14:59:56 2011)
        196.214.48.249 (Wed Feb 09 15:00:03 2011)
        196.214.48.249 (Wed Feb 09 15:00:51 2011)
        196.214.48.249 (Wed Feb 09 15:03:04 2011)
        196.214.48.249 (Wed Feb 09 15:05:06 2011)
        196.214.48.249 (Wed Feb 09 15:05:12 2011)
        196.214.48.249 (Wed Feb 09 15:05:26 2011)
        196.214.48.249 (Wed Feb 09 15:07:26 2011)
        196.214.48.249 (Wed Feb 09 15:08:34 2011)
        196.214.48.249 (Wed Feb 09 15:09:45 2011)
        196.214.48.249 (Wed Feb 09 15:10:11 2011)
        196.214.48.249 (Wed Feb 09 15:11:58 2011)
        196.214.48.249 (Wed Feb 09 15:14:04 2011)
        196.214.48.249 (Wed Feb 09 15:14:20 2011)
        196.214.48.249 (Wed Feb 09 15:15:05 2011)
        196.214.48.249 (Wed Feb 09 15:16:52 2011)
        196.214.48.249 (Wed Feb 09 15:18:39 2011)
        196.214.48.249 (Wed Feb 09 15:19:54 2011)
        196.214.48.249 (Wed Feb 09 15:20:02 2011)
        196.214.48.249 (Wed Feb 09 15:22:04 2011)
        196.214.48.249 (Wed Feb 09 15:22:19 2011)
        196.214.48.249 (Wed Feb 09 15:24:36 2011)
        196.214.48.249 (Wed Feb 09 15:24:42 2011)
        196.214.48.249 (Wed Feb 09 15:25:06 2011)
        196.214.48.249 (Wed Feb 09 15:27:13 2011)
        196.214.48.249 (Wed Feb 09 15:28:28 2011)
        196.214.48.249 (Wed Feb 09 15:28:36 2011)
        196.214.48.249 (Wed Feb 09 15:29:48 2011)
        196.214.48.249 (Wed Feb 09 15:30:17 2011)
        196.214.48.249 (Wed Feb 09 15:32:16 2011)
        196.214.48.249 (Wed Feb 09 15:34:33 2011)
        196.214.48.249 (Wed Feb 09 15:35:54 2011)
        196.214.48.249 (Wed Feb 09 15:35:57 2011)
        196.214.48.249 (Wed Feb 09 15:35:58 2011)
        196.214.48.249 (Wed Feb 09 15:36:00 2011)
        196.214.48.249 (Wed Feb 09 15:37:58 2011)
        196.214.48.249 (Wed Feb 09 15:38:38 2011)
        196.214.48.249 (Wed Feb 09 15:39:48 2011)
        196.214.48.249 (Wed Feb 09 15:39:57 2011)
        196.214.48.249 (Wed Feb 09 15:39:59 2011)
        196.214.48.249 (Wed Feb 09 15:40:03 2011)
        196.214.48.249 (Wed Feb 09 15:41:51 2011)
        196.214.48.249 (Wed Feb 09 15:44:15 2011)
        196.214.48.249 (Wed Feb 09 15:44:30 2011)
        196.214.48.249 (Wed Feb 09 15:45:23 2011)
    
    Date template hits:
    9412 hit(s): MONTH Day Hour:Minute:Second
    0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
    0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
    0 hit(s): Year/Month/Day Hour:Minute:Second
    0 hit(s): Day/Month/Year Hour:Minute:Second
    0 hit(s): Day/Month/Year Hour:Minute:Second
    0 hit(s): Day/MONTH/Year:Hour:Minute:Second
    0 hit(s): Month/Day/Year:Hour:Minute:Second
    0 hit(s): Year-Month-Day Hour:Minute:Second
    0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
    0 hit(s): Day-Month-Year Hour:Minute:Second
    0 hit(s): YearMonthDay Hour:Minute:Second
    0 hit(s): TAI64N
    0 hit(s): Epoch
    0 hit(s): ISO 8601
    0 hit(s): Hour:Minute:Second
    0 hit(s): <Month/Day/Year@Hour:Minute:Second>
    
    Success, the total number of match is 286
    
    However, look at the above section 'Running tests' which could contain important
    information.
    
    
    Sucess!!
     
  2. Conisant

    Conisant New Member

    You could tighten it up a little bit, because it is just a missing white-space

    Code:
    failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*)?$

    Greetings, Coni
     

Share This Page