How to test custom regex

Post Reply
vhortex
Junior Member
Posts: 3
Joined: 24 Apr 2017, 11:42

How to test custom regex

Post by vhortex »

Hi,

EDIT: OS is CentOS 7 / CSF Version 10.06

How can I test if custom regex is firing or working?

CUSTOM1_LOG is set as /var/log/maillog

I have this in regex.custom.pm

Code: Select all

if (($globlogs{CUSTOM1_LOG} {$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","3600");
}
Sample log is

Code: Select all

Apr 24 16:09:33 xxxxxx postfix/smtpd[8653]: warning: unknown[94.42.190.58]: SASL LOGIN authentication failed: authentication failure
However it does not seem to trigger.
vhortex
Junior Member
Posts: 3
Joined: 24 Apr 2017, 11:42

Re: How to test custom regex

Post by vhortex »

After further checking, it takes approximately 1 hour before CSF adjusted and pick failures. Note I have 1800 items in the deny list.
rolypoly
Junior Member
Posts: 5
Joined: 04 Sep 2015, 06:30

Re: How to test custom regex

Post by rolypoly »

why does it take 1 hour to pick up failure??
i thought it should be instant checking after restart csf?
Post Reply