Page 1 of 1

How to test custom regex

Posted: 24 Apr 2017, 11:50
by vhortex
Hi,

EDIT: OS is CentOS 7 / CSF Version 10.06

How can I test if custom regex is firing or working?

CUSTOM1_LOG is set as /var/log/maillog

I have this in regex.custom.pm

Code: Select all

if (($globlogs{CUSTOM1_LOG} {$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","3600");
}
Sample log is

Code: Select all

Apr 24 16:09:33 xxxxxx postfix/smtpd[8653]: warning: unknown[94.42.190.58]: SASL LOGIN authentication failed: authentication failure
However it does not seem to trigger.

Re: How to test custom regex

Posted: 25 Apr 2017, 07:27
by vhortex
After further checking, it takes approximately 1 hour before CSF adjusted and pick failures. Note I have 1800 items in the deny list.

Re: How to test custom regex

Posted: 26 Apr 2017, 09:57
by rolypoly
why does it take 1 hour to pick up failure??
i thought it should be instant checking after restart csf?