/decoders/50_telnet_decoder.xml
XML | 25 lines | 8 code | 5 blank | 12 comment | 0 complexity | 8af56850a03434a8cd7d75784a5add75 MD5
<!--
  - Telnet decoder
  - Will extract the srcip
  - Examples:
  - May 31 12:33:44 queen telnetd[9876]: warning: can't verify hostname:
    gethostbyname(131.1.satis-tl.ru) failed
  - May 29 21:12:18 queen telnetd[6474]: refused connect from 81.215.42.27
  - Jun 1 23:02:07 queen telnetd[62948]: connect from external.example.net
  - Jun 1 23:02:07 queen telnetd[62948]: ttloop: read: A connection with a remote socket was reset by that socket.
  - Jun 2 09:54:28 valhalla in.telnetd[19723]: [ID 927837 local2.info] connect from external.example.net
  - Jun 2 09:54:28 valhalla telnetd[19723]: [ID 485252 daemon.info] ttloop: peer died: Error 0
  -->
<decoder name="telnetd">
  <program_name>^telnetd|^in.telnetd</program_name>
</decoder>

<decoder name="telnetd-ip">
  <parent>telnetd</parent>
  <!-- OS_Regex syntax: a bare "." is a literal dot. Only a dotted quad at the
       end of the line after "from" is captured; hostname sources yield no srcip. -->
  <regex>from (\d+.\d+.\d+.\d+)$</regex>
  <order>srcip</order>
</decoder>
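An added example, not part of the OSSEC rule set: a Python approximation of how the two decoders above treat the log lines quoted in the comment, showing which ones actually yield a `srcip`. The `HEADER` split and the `osregex_to_re` translator are simplified assumptions that cover only the OS_Regex syntax this file uses; the `sshd` line is constructed.

```python
import re

def osregex_to_re(pattern):
    """Translate the OS_Regex subset this file uses into a Python regex."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            if pattern[i + 1:i + 2] != "d":
                raise ValueError("escape not covered by this sketch")
            out.append("[0-9]")  # \d: one digit
            i += 2
            continue
        out.append(r"\." if ch == "." else ch)  # bare "." is a literal dot
        i += 1
    return re.compile("".join(out))

PROGRAM_NAME = osregex_to_re(r"^telnetd|^in.telnetd")  # decoder "telnetd"
SRCIP = osregex_to_re(r"from (\d+.\d+.\d+.\d+)$")      # decoder "telnetd-ip"

# Assumption: simplified stand-in for OSSEC's syslog pre-decoding step.
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\s\[:]+)(?:\[\d+\])?: (.*)$")

def decode(line):
    """None if the parent decoder does not match, else decoder name and srcip."""
    m = HEADER.match(line)
    if not m or not PROGRAM_NAME.search(m.group(1)):
        return None
    hit = SRCIP.search(m.group(2))
    return {"decoder": "telnetd-ip" if hit else "telnetd",
            "srcip": hit.group(1) if hit else None}

SAMPLE_LOGS = [  # first six come from the decoder comment; the sshd line is constructed
    "May 31 12:33:44 queen telnetd[9876]: warning: can't verify hostname: "
    "gethostbyname(131.1.satis-tl.ru) failed",
    "May 29 21:12:18 queen telnetd[6474]: refused connect from 81.215.42.27",
    "Jun 1 23:02:07 queen telnetd[62948]: connect from external.example.net",
    "Jun 1 23:02:07 queen telnetd[62948]: ttloop: read: A connection with a "
    "remote socket was reset by that socket.",
    "Jun 2 09:54:28 valhalla in.telnetd[19723]: [ID 927837 local2.info] "
    "connect from external.example.net",
    "Jun 2 09:54:28 valhalla telnetd[19723]: [ID 485252 daemon.info] ttloop: peer died: Error 0",
    "Jun 1 23:02:07 queen sshd[100]: refused connect from 192.0.2.10",
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(decode(line), "<-", line)
```

Only the `refused connect from 81.215.42.27` line produces a `srcip`; rules that key on source address will not see the hostname-form `connect from` events.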