Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Having some difficulty getting this to work for successfulloginregex


        <PathAndMask>C:/Program Files/FileZilla Server/Logs/filezilla-server.log</PathAndMask>


I get this in logs

2022-04-17 00:08:57.1527|INFO|DigitalRuby.IPBanCore.Logger|Parsing as IP failed, checking dns '2022-04-17T04:08:49.329Z >> [FTP Session 39] PASS ****'
2022-04-17 00:08:57.1527|INFO|DigitalRuby.IPBanCore.Logger|Parsing as dns failed '2022-04-17T04:08:49.329Z >> [FTP Session 39] PASS ****'
2022-04-17T03:31:41.170Z << [FTP Session 38] 331 Please, specify the password.
2022-04-17T03:31:41.220Z >> [FTP Session 38] PASS ****
2022-04-17T03:31:41.283Z << [FTP Session 38 username] 230 Login successful.

Regex101 has highlighted the issue for me, it seems the regex engine used here is matching previous lines and not just single lines… how do I rectify this? I had to add more to the ‘failedloginregex’ to get this issue to go away, but I cannot seem to do anything to resolve this with successfulloginregex, any input is much appreciated

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:8 (5 by maintainers)

github_iconTop GitHub Comments

jjxtracommented, Apr 17, 2022

I updated the recipe

kimboslice99commented, Apr 25, 2022

@jjxtra Not sure if I should open a new issue, but how can I exclude IIS from event 4625 failed logins?

I have some sites with basic auth on IIS, but I’m using cloudflare’s proxy which uses CF-Connecting-IP header to log the real client IP address… I’ve tried changing the inbound header in IIS (url rewrite) like so

<set name="HTTP_X_REAL_IP" value="{HTTP_CF_CONNCTING_IP}" />

I’ve also tried X-Forwarded-For and X-Client-IP, but this doesn’t seem to work here, I suppose whats being logged in the event logger is before the URL rewrite can get to it, so I’d like to exclude IIS so I can use the log instead

Edit; would this be the right way to exclude IIS?

Read more comments on GitHub >

github_iconTop Results From Across the Web

RegExr: Learn, Build, & Test RegEx
Regular expression tester with syntax highlighting, PHP / PCRE & JS Support, contextual help, cheat sheet, reference, and searchable community patterns.
Read more > - Regex Tutorial, Examples and ...
A regular expression (regex or regexp for short) is a special text string for describing a search pattern. You can think of regular...
Read more >
regex101: build, test, and debug regex
Regular expression tester with syntax highlighting, explanation, cheat sheet for PHP/PCRE, Python, GO, JavaScript, Java, C#/.NET, Rust.
Read more >
Syntax for Regular Expressions
Syntax for Regular Expressions ; $, (dollar) Matches the end of the line or string of text that the regular expression is searching....
Read more >
regex :help! Enter your examples here: Capture groups. Use capturing groups. Digits. Convert digits to \d. Escape. Escape non-ASCII characters. Ignore case.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found