From c8affe7502d5f8851205547874ca09a7421a081d Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Sat, 08 Dec 2018 16:32:31 +0000
Subject: [PATCH] update example

---
 vilain.conf |   20 ++++++++++++++------
 1 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/vilain.conf b/vilain.conf
index c12a92e..14ece6a 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -33,6 +33,14 @@
 logfile = /var/log/authlog
 regex = .* Connection closed by ([\S]+) .*
 
+#[ssh3]
+#logfile = /var/log/authlog
+#regex = .* Invalid user \w+ from ([\S]+) .*
+
+[ssh4]
+logfile = /var/log/authlog
+regex = .* Disconnected from authenticating user root ([\S]+) .*
+
 #[http404]
 #logfile = /var/www/logs/access.log
 #regex = (?:\S+\s){1}(\S+).*\s404\s.*
@@ -64,9 +72,9 @@
 # Nextcloud: login page
 # Nextcloud 12 brings protection against brute-force attacks
 # but 1/ not yet tested so far 2/ system protection is probably more efficient
-#[nextcloud]
-#logfile = /var/www/htdocs/datacloud/nextcloud.log
-#regex = .*Bruteforce attempt from \\"(.*)\\" detected
+[nextcloud]
+logfile = /var/www/htdocs/datacloud/nextcloud.log
+regex = .*Bruteforce attempt from \\"(.*)\\" detected
 
 # Nextcloud: public shares protected by password
 # regex is compliant with NginX log format:
@@ -74,6 +82,6 @@
 #        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 #                        '$status $body_bytes_sent "$http_referer" '
 #                        '"$http_user_agent" "$http_x_forwarded_for"';
-#[nextcloud-share]
-#logfile = /var/www/logs/access-nextcloud.log
-#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200
+[nextcloud-share]
+logfile = /var/www/logs/access-nextcloud.log
+regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200

--
Gitblit v1.9.3