How to test custom regex

[vhortex]

Hi,

EDIT: OS is CentOS 7 / CSF Version 10.06

How can I test if custom regex is firing or working?

CUSTOM1_LOG is set as /var/log/maillog

I have this in regex.custom.pm

Code: Select all

if (($globlogs{CUSTOM1_LOG} {$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","3600");
}

Sample log is

Code: Select all

Apr 24 16:09:33 xxxxxx postfix/smtpd[8653]: warning: unknown[94.42.190.58]: SASL LOGIN authentication failed: authentication failure

However it does not seem to trigger.

[vhortex]

After further checking, it takes approximately 1 hour before CSF adjusted and pick failures. Note I have 1800 items in the deny list.

[rolypoly]

why does it take 1 hour to pick up failure??
i thought it should be instant checking after restart csf?