Exim log file format not recognized by sshguard

DA-Rff

I am running sshguard with ipfw

sshguard does not recognize the following as a threat - this comes from: /var/log/exim/mainlog

Code:
2014-04-28 04:46:58 login authenticator failed for host66-15-static.59-217-b.business.telecomitalia.it (tyeczvfg.com) [217.59.15.66]: 535 Incorrect authentication data

The following line is recognized fine:

Code:
XYZ auth_plaintext authenticator failed for XYZ [6.6.6.0]:14432 I=XYZ : 535 Incorrect authentication data (set_id=test)

So here's the question:

How can I specify the log file format for exim?

thanks!
 
Thanks scsi, I already dropped them a request to add this attack signature to sshguard

Thanks Jeff, will first wait for sshguard, to see if they can incorporate current signature.
 
I hope they can accommodate you and other users. But... I wrote the log selector section myself, years ago, taking into consideration what I thought would make logs most readable and most usable. They're definitely not standard.

Jeff
 
Jeff,

Thanks for that, better to play with the log selector then to get it to what sshguard recognizes.

Would it be safe to say that if I comment out your section in current exim.conf that it reverts to default?

Or alternative question:

How can I adjust the log_selector so it starts with this pattern:

XYZ auth_plaintext authenticator failed for XYZ [6.6.6.0]:14432 I=XYZ : 535 Incorrect authentication data (set_id=test)

thanks
 
I really don't know. You can try it and see, but check to make sure logging doesn't default to 'off'.

Jeff
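
The two line formats quoted in this thread differ in the leading timestamp, the parenthesised HELO name, and the optional port and I= fields. As an added example (not part of the thread and not sshguard's own parser), this Python matcher accepts both forms and extracts the source address; the function name and the third sample line are constructed for illustration.

```python
import re
from ipaddress import ip_address

# First two lines are the ones quoted in the thread; the third is a
# constructed non-matching delivery line used as a negative case.
SAMPLE_LINES = [
    "2014-04-28 04:46:58 login authenticator failed for host66-15-static.59-217-b.business.telecomitalia.it (tyeczvfg.com) [217.59.15.66]: 535 Incorrect authentication data",
    "XYZ auth_plaintext authenticator failed for XYZ [6.6.6.0]:14432 I=XYZ : 535 Incorrect authentication data (set_id=test)",
    "2014-04-28 04:47:01 1WeXyZ-0001Ab-CD <= user@example.com H=mail.example.com [192.0.2.10] P=esmtp S=1234",
]

AUTH_FAIL = re.compile(
    r"""
    (?P<authenticator>\S+)\s+authenticator\s+failed\s+for\s+
    (?:(?P<host>[^\s\[(]+)\s+)?      # reverse DNS name, may be absent
    (?:\((?P<helo>[^)]*)\)\s+)?      # HELO name in parentheses, may be absent
    \[(?P<ip>[0-9A-Fa-f:.]+)\]       # source address in square brackets
    (?::(?P<port>\d+))?              # source port, present only in the second form
    (?:\s+I=\S+)?                    # receiving interface, second form only
    \s*:\s*535\s+Incorrect\s+authentication\s+data
    (?:\s+\(set_id=(?P<set_id>[^)]*)\))?
    """,
    re.VERBOSE,
)

def parse_auth_failure(line):
    """Return a dict describing a failed SMTP AUTH attempt, or None."""
    m = AUTH_FAIL.search(line)
    if m is None:
        return None
    try:
        ip = ip_address(m.group("ip"))   # reject malformed addresses
    except ValueError:
        return None
    port = m.group("port")
    return {
        "ip": str(ip),
        "authenticator": m.group("authenticator"),
        "helo": m.group("helo"),
        "port": int(port) if port else None,
        "set_id": m.group("set_id"),
    }

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_auth_failure(line))
```
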
 