Handle Spanish

jjxtra · jjxtra · commit b7b0a97471d5 · 2023-01-04T12:50:51.000-07:00
diff --git a/IPBanCore/ipban.config b/IPBanCore/ipban.config
@@ -403,6 +403,7 @@ Examples to capture:
 -Reason: An error occurred while evaluating the password
 -Login failed for user 'username'. Reason: Failed to open the database 'db' configured in the session recovery object while recovering the connection. [CLIENT: 1.1.1.1]
 -Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT: 1.1.1.1]
+-Motivo: no se encontró un inicio de sesión que coincida con el nombre proporcionado.
 
 Examples to ignore:
 Login failed for user 'cenptuser'. Reason: Failed to open the explicitly specified database 'db'. [CLIENT: 1.1.1.1]
@@ -417,7 +418,7 @@ Login failed for user 'cenptuser'. Reason: Failed to open the explicitly specifi
             <XPath>(//Data)[3]</XPath>
             <Regex>
               <![CDATA[
-                \[CLIENT\s?:\s?(?<ipaddress>[^\]]+)\]
+                \[CLIENTE?\s?:\s?(?<ipaddress>[^\]]+)\]
               ]]>
             </Regex>
           </Expression>
@@ -825,7 +826,7 @@ Login failed for user 'cenptuser'. Reason: Failed to open the explicitly specifi
             <XPath>(//Data)[2]</XPath>
             <Regex>
               <![CDATA[
-                \[CLIENT\s?:\s?(?<ipaddress>[^\]]+)\]
+                \[CLIENTE?\s?:\s?(?<ipaddress>[^\]]+)\]
               ]]>
             </Regex>
           </Expression>
diff --git a/IPBanTests/IPBanConfigTests.cs b/IPBanTests/IPBanConfigTests.cs
@@ -169,7 +169,7 @@ private static void AssertEventViewer(IPBanConfig cfg)
             AssertEventViewerGroup(groups[0], "0x8010000000000000", minimumWindowsMajorVersion, 0, false, "Security", "RDP", "//EventID", "^(?<log>4625|5152)$", "//Data[@Name='IpAddress' or @Name='Workstation' or @Name='SourceAddress']", "(?<ipaddress>.+)", "//Data[@Name='ProcessName']", "(?<source_IIS>c:\\\\Windows\\\\System32\\\\inetsrv\\\\w3wp.exe)?$");
             AssertEventViewerGroup(groups[1], "0x8010000000000000", minimumWindowsMajorVersion, 0, false, "Security", "RDP", "//EventID", "^(?<log>4653)$", "//Data[@Name='FailureReason']", ".", "//Data[@Name='RemoteAddress']", "(?<ipaddress>.+)");
             AssertEventViewerGroup(groups[2], "0x80000000000000", minimumWindowsMajorVersion, 0, false, "Application", "IPBanCustom", "//Data", @"(?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,]+),\ssource:\s(?<source>[^,]+)?,\suser:\s(?<username>[^\s,]+)?");
-            AssertEventViewerGroup(groups[3], "0x90000000000000", minimumWindowsMajorVersion, 0, false, "Application", "MSSQL", "//Provider[contains(@Name,'MSSQL')]", string.Empty, "//EventID", "^(?<log>18456)$", "(//Data)[1]", "^(?<username>.+)$", "(//Data)[2]", @"^(?:(?!Reason:\sFailed\sto\sopen\sthe(?:\sexplicitly\sspecified)?\sdatabase)(?:.))+$", "(//Data)[3]", @"\[CLIENT\s?:\s?(?<ipaddress>[^\]]+)\]");
+            AssertEventViewerGroup(groups[3], "0x90000000000000", minimumWindowsMajorVersion, 0, false, "Application", "MSSQL", "//Provider[contains(@Name,'MSSQL')]", string.Empty, "//EventID", "^(?<log>18456)$", "(//Data)[1]", "^(?<username>.+)$", "(//Data)[2]", @"^(?:(?!Reason:\sFailed\sto\sopen\sthe(?:\sexplicitly\sspecified)?\sdatabase)(?:.))+$", "(//Data)[3]", @"\[CLIENTE?\s?:\s?(?<ipaddress>[^\]]+)\]");
             AssertEventViewerGroup(groups[4], "0x80000000000000", minimumWindowsMajorVersion, 0, false, "Application", "MySQL", "//Provider[@Name='MySQL' or @Name='MariaDB']", string.Empty, "//Data", "(?<log>Access denied for user) '?(?<username>[^']+)'@'(?<ipaddress>[^']+)'");
             AssertEventViewerGroup(groups[5], "0x80000000000000", minimumWindowsMajorVersion, 0, false, "Application", "PostgreSQL", "//Provider[@Name='PostgreSQL']", string.Empty, "//Data", "host=(?<ipaddress>[^ ]+)");
             AssertEventViewerGroup(groups[6], "0x80000000000000", minimumWindowsMajorVersion, 0, false, "System", "MSExchange", "//Provider[@Name='MSExchangeTransport']", string.Empty, "//Data", "(?<log>LogonDenied)", "//Data", "(?<ipaddress_exact>.+)");
@@ -188,7 +188,7 @@ private static void AssertEventViewer(IPBanConfig cfg)
             AssertEventViewerGroup(groups[2], "0x80000000000000", minimumWindowsMajorVersion, 0, true, "Application", "IPBanCustom", "//Data", @"(?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,]+),\ssource:\s(?<source>[^,]+)?,\suser:\s(?<username>[^\s,]+)?");
             AssertEventViewerGroup(groups[3], "0x80000000000000", minimumWindowsMajorVersion, 0, true, "Application", "VNC", "//EventID", "^257$", "//Data", @"Authentication\spassed\sby\s(?<ipaddress>.+)");
             AssertEventViewerGroup(groups[4], "0x8020000000000000", minimumWindowsMajorVersion, 0, true, "System", "RRAS", "//EventID", "^6272$", "//Data[@Name='SubjectUserName']", @"(?<username>[^\\\/]+)$", "//Data[@Name='CallingStationID']", "(?<ipaddress>.+)", "//Data[@Name='EAPType']", "\\s?secured\\spassword\\s?");
-            AssertEventViewerGroup(groups[5], "0xa0000000000000", minimumWindowsMajorVersion, 0, true, "Application", "MSSQL", "//Provider[contains(@Name,'MSSQL')]", string.Empty, "//EventID", "^(?<log>18454)$", "(//Data)[1]", "^(?<username>.+)$", "(//Data)[2]", @"\[CLIENT\s?:\s?(?<ipaddress>[^\]]+)\]");
+            AssertEventViewerGroup(groups[5], "0xa0000000000000", minimumWindowsMajorVersion, 0, true, "Application", "MSSQL", "//Provider[contains(@Name,'MSSQL')]", string.Empty, "//EventID", "^(?<log>18454)$", "(//Data)[1]", "^(?<username>.+)$", "(//Data)[2]", @"\[CLIENTE?\s?:\s?(?<ipaddress>[^\]]+)\]");
         }
 
         [Test]
