fail2ban logs and filters for kolab 3.4 (on debian 7.8)
Matthias Busch
catwiesel at gmx.net
Sun Mar 29 04:08:03 CEST 2015
in case you guys want to use it...
here the regex filters (and log paths) for kolab 3.4 on debian 7.8
please note, the filters seem to work but they probably are not bullet
proof and/or the most efficient.
feel free to make them better :)
cyrus: /var/log/mail.info
(imaps|pop3s)\[[0-9]*\]: badlogin: \[<HOST>\]
(plain|PLAIN|login|plaintext) .*
postfix: /var/log/mail.info
postfix\/smtpd\[[0-9]*\]: warning: unknown\[<HOST>\]: SASL (PLAIN|LOGIN)
authentication failed: authentication failure
roundcube: /var/log/roundcubemails/userlogins
<.*> Failed login for .* from <HOST> in session .*
iRony: /var/log/iRony/userlogins
Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
freebusy: not yet logging IPs
chwala: /var/log/chwala/userlogins
<.*> Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*
syncroton: /var/log/syncroton/userlogins
Login failure for user [A-Za-z0-9 ]* from <HOST> in session .*$
kolab-webadmin: not yet logging IPs
More information about the users
mailing list