BFD rule for proftp and dovecot

[roly]

hi

the standard bfd rule for proftp is for "no such user found from" what i would like is a rule for that in addition to a correct username login but incorrect password. does anyone have a working rule that they can show me?

also i can't seem to get the dovecot rule to work, has anyone got a working rule for that they could show me please?

many thanks in advance

roland

 

[roly]

managed to get it working now, this worked (courtesy of an older post i found on here)

REQ="/usr/sbin/dovecot"
if [ -f "$REQ" ]; then
LP="/var/log/maillog"
TLOG_TF="pop3"
TRIG="10"

## pop3
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF |grep dovecot |grep -w "failed" |grep auth |grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'`
fi