more ssh regexes

2023-11-05 12:00:00 +01:00
parent 50ce32d256
commit 52dc67ed34
3 changed files with 7 additions and 2 deletions
--- a/app/example.yml
+++ b/app/example.yml
@ -47,7 +47,9 @@ streams:
        regex:
          # <ip> is predefined in the patterns section
          # ip's regex is inserted in the following regex
-          - authentication failure;.*rhost=<ip>
+          - 'authentication failure;.*rhost=<ip>'
+          - 'Failed password for .* from <ip>'
+          - 'Connection reset by authenticating user .* <ip>'
        # if retry and retryperiod are defined,
        # the actions will only take place if a same pattern is
        # found `retry` times in a `retryperiod` interval