--- nfo/projects/anfud/bin/anfud.sh 2004/11/12 08:05:09 1.1
+++ nfo/projects/anfud/bin/anfud.sh 2005/12/10 12:25:34 1.2
@@ -2,7 +2,7 @@
 #---------------------------------------------------------------------
 #- Adjusting net filter updater daemon
 #- rabit@netfrag.org, 01.11.2004
-I='$Id: anfud.sh,v 1.1 2004/11/12 08:05:09 rabit Exp $'
+I='$Id: anfud.sh,v 1.2 2005/12/10 12:25:34 rabit Exp $'
 #---------------------------------------------------------------------
 #- Functions:
@@ -234,12 +234,14 @@
 tail --bytes=$[LogSize - OldLogSize] $SCANLOG | \
 while read LogFileLine; do
+ DateTime=`echo "\$LogFileLine" | awk -F' ' '{ print $1 " " $2 " " $3 }'`
+ LogFileMsg=`echo "\$LogFileLine" | awk -F' ' '{ $1=""; $2=""; $3=""; print $0 }'`
+
 case "$LogFileLine" in
 ($MatchP1)
- IP=`echo "\$LogFileLine" | cut -d' ' -f11`
- DateTime=`echo "\$LogFileLine" | cut -d' ' -f1-4`
- Username=`echo "\$LogFileLine" | cut -d' ' -f9`
+ Username=`echo "\$LogFileMsg" | cut -d' ' -f8`
+ IP=`echo "\$LogFileMsg" | cut -d' ' -f10`
 logmessage "SSH: illegal login as '$Username' from '$IP' at '$DateTime'."
 [ "$DROP_SSH_ILLEGALUSER" == 1 ] && dropaddress $IP
 ;;
@@ -248,9 +250,8 @@
 ;;
 ($MatchP2)
- IP=`echo "\$LogFileLine" | cut -d' ' -f12`
- DateTime=`echo "\$LogFileLine" | cut -d' ' -f1-4`
- Username=`echo "\$LogFileLine" | cut -d' ' -f10`
+ Username=`echo "\$LogFileMsg" | cut -d' ' -f9`
+ IP=`echo "\$LogFileMsg" | cut -d' ' -f11`
 logmessage "SSH: failed password for '$Username' from '$IP' at '$DateTime'."
 dropaddress $IP
 ;;
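Review bot: `Username` and `IP` in the `($MatchP1)` arm are still picked by fixed `cut` field numbers, although the user name in an sshd failure line is text supplied by the remote client. If that name can contain blanks (worth confirming for the sshd version in use), every later field shifts and the word that lands in `IP` is no longer the peer address, so `dropaddress` could block an address the client chose; the `($MatchP2)` arm in the next hunk and the `($MatchP3)` arm in the last hunk have the same shape. Take the address from an anchored match on the tail of the message rather than by position, and check it before acting, e.g. `[[ $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue`, then call `dropaddress "$IP"` quoted. A one-line comment above the `LogFileMsg` assignment would also help: the awk rewrite leaves three leading blanks, so the `cut` field numbers count three empty fields first.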
@@ -259,17 +260,15 @@
 ;;
 ($MatchP3)
- IP=`echo "\$LogFileLine" | cut -d' ' -f14`
- DateTime=`echo "\$LogFileLine" | cut -d' ' -f1-4`
- Username=`echo "\$LogFileLine" | cut -d' ' -f12`
+ Username=`echo "\$LogFileMsg" | cut -d' ' -f11`
+ IP=`echo "\$LogFileMsg" | cut -d' ' -f13`
 logmessage "SSH: incorrect password for '$Username' from '$IP' at '$DateTime'."
 dropaddress $IP
 ;;
 ($MatchFTP_P1)
- Address=`echo "\$LogFileLine" | cut -d' ' -f11`
- DateTime=`echo "\$LogFileLine" | cut -d' ' -f1-4`
- Username=`echo "\$LogFileLine" | cut -d' ' -f12`
+ Address=`echo "\$LogFileMsg" | cut -d' ' -f10`
+ Username=`echo "\$LogFileMsg" | cut -d' ' -f11`
 Address=${Address/,}
 IP=$(resolveip -s $Address)
 logmessage "FTP: failed login as '$Username' from '$IP' at '$DateTime'."
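Review bot: In the `($MatchFTP_P1)` arm, `Address` comes straight from the log line and is passed unquoted to `resolveip -s $Address`, so a value containing blanks or glob characters is split or expanded before resolveip sees it. If that field is a host name the FTP daemon obtained by reverse lookup (not visible here), the remote side controls it and the forward lookup can return any address, or nothing at all. Quote it and check the result before it is logged or used, e.g. `IP=$(resolveip -s "$Address")` followed by `[[ $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue`. The arm continues past the end of the hunk, so whether `dropaddress` follows is not visible.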