Hello,
Does anyone have the correct Regex for ConfigServer Security & Firewall to monitor failed logins to NC?
Here’s what the logs look like:
{“reqId”:“WG5Y@-IxYfIX1CXkM9N16gAAAAY”,“remoteAddr”:“22.43.166.102”,“app”:“core”,“message”:“Login failed: ‘dmom’ (Remote IP: ‘22.43.166.102’)”,“level”:2,“time”:“2017-01-05T14:32:28+00:00”,“method”:“POST”,“url”:"/index.php/login?user=dmom",“user”:"–",“version”:“11.0.0.10”}
{“reqId”:“WG5Y-fIxYfIX1CXkM9N17QAAAAY”,“remoteAddr”:“22.43.166.102”,“app”:“core”,“message”:“Login failed: ‘dmom’ (Remote IP: ‘22.43.166.102’)”,“level”:2,“time”:“2017-01-05T14:32:30+00:00”,“method”:“POST”,“url”:"/index.php/login?user=dmom",“user”:"–",“version”:“11.0.0.10”}
{“reqId”:“WG5ZAPIxYfIX1CXkM9N18AAAAAY”,“remoteAddr”:“22.43.166.102”,“app”:“core”,“message”:“Login failed: ‘dmom’ (Remote IP: ‘22.43.166.102’)”,“level”:2,“time”:“2017-01-05T14:32:33+00:00”,“method”:“POST”,“url”:"/index.php/login?user=dmom",“user”:"–",“version”:“11.0.0.10”}
{“reqId”:“WG5ZAvIxYfIX1CXkM9N18wAAAAY”,“remoteAddr”:“22.43.166.102”,“app”:“core”,“message”:“Login failed: ‘dmom’ (Remote IP: ‘22.43.166.102’)”,“level”:2,“time”:“2017-01-05T14:32:36+00:00”,“method”:“POST”,“url”:"/index.php/login?user=dmom",“user”:"–",“version”:“11.0.0.10”}