Generalisation of new SSH regex
This commit is contained in:
ppom
@ -55,7 +55,7 @@ streams:
|
||||
# ip's regex is inserted in the following regex
|
||||
- 'authentication failure;.*rhost=<ip>'
|
||||
- 'Failed password for .* from <ip>'
|
||||
- 'Connection reset by authenticating user .* <ip>'
|
||||
- 'Connection (reset|closed) by (authenticating|invalid) user .* <ip>'
|
||||
# if retry and retryperiod are defined,
|
||||
# the actions will only take place if a same pattern is
|
||||
# found `retry` times in a `retryperiod` interval
|
||||
|
||||
Reference in New Issue
Block a user