proftp login attempts not being caught

I've gotten blockhosts to work with ssh, it gets most things, but when trying to get it to work with proftpd, it bombs. I can't seem to get it to catch bad login attempts or failed passwords. I have gotten it to invoke through inetd, it runs, seems to load the logfile, but it doesn't catch the bad attempts.

TIA

Jason

double-check your logfile

Could you print here a bad-login line from your proftpd log? It could be that it's not matching a ":" character, I just had this problem... It's either ProFTPd 1.3.0-19 or the fact that I used syslog-ng... In any case you could try these regexes, they worked for me:

    "ProFTPD-NoPassword": r"""proftpd\[(?P<pid>\d+)\] [^[]+\[(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+Login failed""",

    "ProFTPD-NoUser": r"""proftpd\[(?P<pid>\d+)\] [^[]+\[(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+no such user""",

    "ProFTPD-SecurityViolation": r"""proftpd\[(?P<pid>\d+)\] [^[]+\[(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+SECURITY VIOLATION""",

(Those have to be on one line only in the config file)

Editor: added pre/pre tags around regex, and changed < to &lt; to make it show up.
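One way to run the check suggested in the reply above, as an added example that is not part of the original thread: it applies the three posted patterns to sample log lines and reports failure lines that no pattern caught, which is what a ":" mismatch after `proftpd[pid]` looks like. The log lines are constructed for illustration (documentation-range addresses), and the function names `classify` and `missed_failures` are hypothetical.

```python
import re

# Patterns copied unchanged from the reply above.
PATTERNS = {
    "ProFTPD-NoPassword": r"""proftpd\[(?P<pid>\d+)\] [^[]+\[(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+Login failed""",
    "ProFTPD-NoUser": r"""proftpd\[(?P<pid>\d+)\] [^[]+\[(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+no such user""",
    "ProFTPD-SecurityViolation": r"""proftpd\[(?P<pid>\d+)\] [^[]+\[(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+SECURITY VIOLATION""",
}

# Text each rule is looking for; used to spot failure lines no rule matched.
KEYWORDS = ("Login failed", "no such user", "SECURITY VIOLATION")

# Constructed sample lines, not taken from a real log.
SAMPLES = [
    # No colon after "proftpd[pid]": the shape the posted patterns expect.
    "Mar 03 10:15:01 ftp1 proftpd[4321] ftp1 (203.0.113.7[203.0.113.7]): USER bob (Login failed): Incorrect password.",
    "Mar 03 10:15:09 ftp1 proftpd[4322] ftp1 (203.0.113.7[203.0.113.7]): USER nosuch: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21",
    # Colon after the pid: the posted patterns require a space there.
    "Mar  3 10:16:40 ftp1 proftpd[4330]: ftp1 (198.51.100.23[198.51.100.23]) - USER bob (Login failed): Incorrect password.",
    # Not a failure at all.
    "Mar  3 10:17:02 ftp1 proftpd[4331] ftp1 (203.0.113.7[203.0.113.7]): FTP session opened.",
]


def classify(line, patterns=PATTERNS):
    """Return (rule_name, host) for the first matching pattern, else None."""
    for name, rx in patterns.items():
        m = re.search(rx, line)
        if m:
            return name, m.group("host")
    return None


def missed_failures(lines, patterns=PATTERNS):
    """Return lines that contain a failure keyword but match no pattern."""
    return [
        line for line in lines
        if any(k in line for k in KEYWORDS) and classify(line, patterns) is None
    ]


if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
    print("missed:", missed_failures(SAMPLES))
```

Any line returned by `missed_failures` is a bad login that the patterns would let through, and is the line to compare character by character against the pattern prefix.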