From 57553e4a3c4c178fa8463a3e3f41d046434eac30 Mon Sep 17 00:00:00 2001 From: john Date: Thu, 5 Dec 2019 11:06:11 -0500 Subject: [PATCH] Cosmetic edits --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 25d5b18..75e3063 100644 --- a/README.md +++ b/README.md @@ -35,24 +35,24 @@ default that IP will be blocked. ``` LOGTYPE auth { -# Where to find the log files + # Where to find the log files DIR= /var/log PREFIX= auth.log -# How to read the timestamp + # How to read the timestamp TIMESTAMP auth_ts { -# isolates the timestamp from a line matched by a TARGET + # isolates the timestamp from a line matched by a TARGET REGEX= ^(.*) srv -# Passed to strptime() to intrepret the timestamp string + # Passed to strptime() to intrepret the timestamp string STRPTIME= %b %d %T -# These stamps do not include the year, so it is implied. + # These stamps do not include the year, so it is implied. FLAGS= GUESS_YEAR } TARGET imap { -# Pattern to search for, isolates the IP address + # Pattern to search for, isolates the IP address REGEX= imapd.*Login failed.*\[([0-9.a-f:]+)\]$ -# Assign this as the severity of the offense. + # Assign this as the severity of the offense. SEVERITY= 3 } @@ -69,9 +69,8 @@ LOGTYPE auth { TARGET dovecot { SEVERITY= 3 - REGEX= dovecot.*authentication failure.*rhost=([0-9.]+) + REGEX= dovecot.*authentication failure.*rhost=([0-9.a-f:]+) } - } ```
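Review bot: In the second hunk the widened dovecot capture, `REGEX= dovecot.*authentication failure.*rhost=([0-9.a-f:]+)`, has no right-hand boundary, whereas the imap target in the same example closes its capture with `\]$`. Because the `.*` before `rhost=` is greedy, the capture binds to the last `rhost=` on the line. If any field after the real one carries client-supplied text (presumably the trailing `user=` field in PAM-style lines; confirm against real log samples), the address that ends up blocked may not be the connecting peer. I would bound the capture, for example `rhost=([0-9.a-f:]+)( |$)`, and narrow the prefix so that it cannot skip over an earlier `rhost=`. The class also accepts only lowercase hex, so add `A-F` if the logs can print uppercase IPv6, and since this hunk changes what the sample config matches, the "Cosmetic edits" subject should say so.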