Hi
I want to move from fail 2 ban to csf and i use a regex to check var/log/freeswitch/debug.log for failed auth attempts
how would i translate that into a regex for csf?
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
help with regex
Re: help with regex
solved
if (($lgfile eq $config{CUSTOMFS_LOG}) and ($line =~ /^.*?\[WARNING\] sofia_reg.c:1402 SIP auth failure \(REGISTER\) on sofia profile '(.*?)' for \[(.*?)\] from ip (\d+\.\d+\.\d+\.\d+)$/)) {
return ("SIP auth failure on interface $1 for user $2",$3,"freeswitch","5","20,21","600");
}
if (($lgfile eq $config{CUSTOMFS_LOG}) and ($line =~ /^.*?\[WARNING\] sofia_reg.c:1402 SIP auth failure \(INVITE\) on sofia profile '(.*?)' for \[(.*?)\] from ip (\d+\.\d+\.\d+\.\d+)$/)) {
return ("SIP auth failure on interface $1 for user $2",$3,"freeswitch","5","20,21","600");
}
if (($lgfile eq $config{CUSTOMFS_LOG}) and ($line =~ /^.*?\[WARNING\] sofia_reg.c:1402 SIP auth failure \(REGISTER\) on sofia profile '(.*?)' for \[(.*?)\] from ip (\d+\.\d+\.\d+\.\d+)$/)) {
return ("SIP auth failure on interface $1 for user $2",$3,"freeswitch","5","20,21","600");
}
if (($lgfile eq $config{CUSTOMFS_LOG}) and ($line =~ /^.*?\[WARNING\] sofia_reg.c:1402 SIP auth failure \(INVITE\) on sofia profile '(.*?)' for \[(.*?)\] from ip (\d+\.\d+\.\d+\.\d+)$/)) {
return ("SIP auth failure on interface $1 for user $2",$3,"freeswitch","5","20,21","600");
}