-
Notifications
You must be signed in to change notification settings - Fork 0
/
KerioConnect.ipban.config
47 lines (37 loc) · 1.83 KB
/
KerioConnect.ipban.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
...
<LogFilesToParse>
<LogFiles>
<LogFile>
<Source>Kerio Connect Security</Source>
<PathAndMask>E:/Kerio/Store/logs/security.log</PathAndMask>
<FailedLoginRegex>
<![CDATA[
^\[(?<timestamp>.*?)\]\s.*:\sInvalid\spassword\sfor\suser\s(?<username>[^;]+?)\.\sAttempt\sfrom\sIP\saddress\s(?<ipaddress>(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\.$|
^\[(?<timestamp>.*?)\]\sFailed\sSMTP\slogin\sfrom\s(?<ipaddress>(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s.*$
]]>
</FailedLoginRegex>
<SuccessfulLoginRegex>
</SuccessfulLoginRegex>
<PlatformRegex>Windows</PlatformRegex>
<PingInterval>10000</PingInterval>
<MaxFileSize>0</MaxFileSize>
<FailedLoginRegexTimestampFormat>dd/M/yyyy HH:mm:ss</FailedLoginRegexTimestampFormat>
</LogFile>
<!-- <LogFile> -->
<!-- <Source>Kerio Connect Failed SMTP login</Source> -->
<!-- <PathAndMask>E:/Kerio/Store/logs/security.log</PathAndMask> -->
<!-- <FailedLoginRegex> -->
<!-- <![CDATA[ -->
<!-- ^\[(?<timestamp>.*?)\]\sFailed\sSMTP\slogin\sfrom\s(?<ipaddress>(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s.*$ -->
<!-- ]]> -->
<!-- </FailedLoginRegex> -->
<!-- <SuccessfulLoginRegex> -->
<!-- </SuccessfulLoginRegex> -->
<!-- <PlatformRegex>Windows</PlatformRegex> -->
<!-- <PingInterval>10000</PingInterval> -->
<!-- <MaxFileSize>0</MaxFileSize> -->
<!-- <FailedLoginRegexTimestampFormat>dd/M/yyyy HH:mm:ss</FailedLoginRegexTimestampFormat> -->
<!-- </LogFile> -->
</LogFiles>
</LogFilesToParse>
...