From 7d74afef79b993b035ccd5f4ea5c3e0ba632b079 Mon Sep 17 00:00:00 2001
From: Roger Pau Monne <roger.pau@entel.upc.edu>
Date: Tue, 7 Feb 2012 20:50:30 +0100
Subject: testing/sshguard: fix parsing of busybox syslog

---
 testing/sshguard/parser.patch | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 testing/sshguard/parser.patch

(limited to 'testing/sshguard/parser.patch')

diff --git a/testing/sshguard/parser.patch b/testing/sshguard/parser.patch
new file mode 100644
index 0000000000..51f9915e18
--- /dev/null
+++ b/testing/sshguard/parser.patch
@@ -0,0 +1,11 @@
+--- sshguard-1.5/src/parser/attack_scanner.l
++++ sshguard-1.5-mod/src/parser/attack_scanner.l
+@@ -107,7 +107,7 @@
+   */
+ 
+  /* handle entries with PID and without PID from processes other than sshguard */
+-{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? {
++{TIMESTAMP_SYSLOG}[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+([a-zA-Z0-9]|{WORD}|{HOSTADDR})[ ]+{PROCESSNAME}"["{NUMBER}"]: "{SOLARIS_MSGID_TAG}? {
+         /* extract PID */
+         yylval.num = getsyslogpid(yytext, yyleng);
+         return SYSLOG_BANNER_PID;
-- 
cgit v1.2.3