diff --git a/docs/filters/asterisk.preg b/docs/filters/asterisk.preg
new file mode 100644
index 0000000..f2ccd44
--- /dev/null
+++ b/docs/filters/asterisk.preg
@@ -0,0 +1,4 @@
+SECURITY.* SecurityEvent="FailedACL".*RemoteAddress="IPV[46]/[TU][CD]P//[0-9]+"
+SECURITY.* SecurityEvent="InvalidAccountID".*RemoteAddress="IPV[46]/[TU][CD]P//[0-9+]+"
+SECURITY.* SecurityEvent="ChallengeResponseFailed".*RemoteAddress="IPV[46]/[TU][CD]P//[0-9]+"
+SECURITY.* SecurityEvent="InvalidPassword".*RemoteAddress="IPV[46]/[TU][CD]P//[0-9]+"
diff --git a/docs/filters/postfix.preg b/docs/filters/postfix.preg
new file mode 100644
index 0000000..8caa378
--- /dev/null
+++ b/docs/filters/postfix.preg
@@ -0,0 +1,3 @@
+NOQUEUE: reject: RCPT from [[:print:]]+\[\]: 454 4\.7\.1 Service unavailable; Client host \[[[:print:]]+\] blocked
+NOQUEUE: reject: RCPT from [[:print:]]+\[\]: 554 5\.7\.1 .*
+warning: [[:print:]]+\[\]: SASL [A-Z0-9-]+ authentication failed
diff --git a/docs/filters/ssh.preg b/docs/filters/ssh.preg
new file mode 100644
index 0000000..cb6e945
--- /dev/null
+++ b/docs/filters/ssh.preg
@@ -0,0 +1,13 @@
+[Aa]uthentication failure for .* from ( via [[:print:]]*)?
+[Aa]uthentication error for .* from ( via [[:print:]]*)?
+User not known to the underlying authentication module for .* from
+refused connect from [[:print:]]+ \(\)
+Received disconnect from : [0-9]*: [[:print:]]: Auth fail
+Did not receive identification string from
+Invalid user [[:print:]]+ from
+Connection closed by \[preauth\]
+User [[:print:]]+ from not allowed because not listed in AllowUsers
+User [[:print:]]+ from not allowed because listed in DenyUsers
+User [[:print:]]+ from not allowed because not in any group
+User [[:print:]]+ from not allowed because a group is listed in DenyGroups
+User [[:print:]]+ from not allowed because none of user's groups are listed in AllowGroups
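Review bot: The InvalidAccountID pattern in asterisk.preg ends in `[0-9+]+"` while its three siblings end in `[0-9]+"`; the `+` inside the class looks like a typo that lets the port field match plus signs, and the line should end `RemoteAddress="IPV[46]/[TU][CD]P//[0-9]+"` like the others. All four patterns are unanchored and bridge to RemoteAddress with `.*`, which presumably crosses fields that an unauthenticated caller can influence (the account ID, for one), so a bridge that cannot cross a quoted value, or at least a documented assumption about field order, would make the ban decision harder to steer from log content. As rendered here nothing sits between `//` and the port digits, so the address token may have been lost in extraction; if it is really absent, the filter has no address to act on.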
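Review bot: The second pattern in postfix.preg, `554 5\.7\.1 .*`, counts every 554 5.7.1 rejection as a strike, which would include relay and policy rejections triggered by misconfigured but legitimate senders. Consider naming the reject reasons that should count, for example `554 5\.7\.1 .*Relay access denied`; the trailing `.*` adds nothing if the matcher is unanchored. The `[[:print:]]+` before the bracket is greedy and covers the client name, which comes from reverse DNS and is not under the mail server's control, so it is worth documenting that only the bracketed part is trusted as the address. As rendered, `\[\]` matches empty brackets, so the address token appears to be missing from this page.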
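Review bot: In the fifth pattern of ssh.preg, `[[:print:]]` has no quantifier, so `Received disconnect from : [0-9]*: [[:print:]]: Auth fail` only matches a one-character reason before `: Auth fail`; it should presumably read `[[:print:]]+: Auth fail`. `Did not receive identification string from` and `Connection closed by \[preauth\]` also fire on plain TCP port checks from monitoring systems and load balancers, so the accompanying documentation (or the file itself, if the format allows comments) should tell operators to exempt those hosts or give these two lines a higher threshold. The patterns are unanchored and `for .* from` spans the user name, which is supplied by the client; anchoring on the start of the sshd message would keep the address match tied to the field sshd itself writes.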