Your message dated Thu, 17 Jul 2008 22:15:53 -0400 with message-id <[EMAIL PROTECTED]> has caused the report #491253, regarding fail2ban: all regexes fail to be marked as having been forwarded to the upstream software author(s) Andrew Schulman <[EMAIL PROTECTED]>, Cyril Jaquier <[EMAIL PROTECTED]>
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
491253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491253
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
seems to be a problem of unknown time format... unknown for
auto-detection, so you would need to craft regex for it + time
definition for python's time. Or just wait for upstream to follow-up
(I am CCing Cyril)

I am trying with fail2ban-regex, and there is also imho a bit wrong
logic. It seems not to even report a match for failregex now if
datestamp is not recognized:

    def processLine(self, line):
        try:
            # Decode line to UTF-8
            l = line.decode('utf-8')
        except UnicodeDecodeError:
            l = line
        timeMatch = self.dateDetector.matchTime(l)
        if not timeMatch:
            # There is no valid time in this line
            return []
        ...

On Thu, 17 Jul 2008, Andrew Schulman wrote:

> Package: fail2ban
> Version: 0.8.2-3
> Severity: important
>
> Hi. I'm trying to develop a new filter rule for SSL Explorer. A
> typical authentication failure in
> /opt/sslexplorer/logs/sslexplorer.log looks like this:
>
> 17-07-2008 17:23:25 [main-6] ERROR LogonAction - [161.80.31.219] authentication failed
>
> Seems simple enough to match:
>
> failregex = \[<HOST>\] authentication failed
>
> But neither this, nor in fact any other regex that I can think to try
> so far, works. All of the following result in 'Sorry, no match':
>
> line='17-07-2008 17:23:25 [main-6] ERROR LogonAction - [161.80.31.219] authentication failed'
> fail2ban-regex "$line" '\[<HOST>\]'
> fail2ban-regex "$line" '^.*\[<HOST>\]'
> fail2ban-regex "$line" '<HOST>'
>
> In fact, AFAICT all regexes fail in all cases: even
>
> fail2ban-regex '1.2.3.4' '(?P<host>.*)'
>
> results in 'Sorry, no match' on my host.
>
> At this point I'm completely out of ideas about what I'm doing wrong
> or how to make any regexes match. Any help would be greatly
> appreciated.
>
> Thanks,
> Andrew.
>
> -- System Information:
> Debian Release: lenny/sid
> APT prefers testing
> APT policy: (990, 'testing'), (300, 'unstable'), (200, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.24 (SMP w/2 CPU cores; PREEMPT)
> Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages fail2ban depends on:
> ii  lsb-base        3.2-12   Linux Standard Base 3.2 init scrip
> ii  python          2.5.2-1  An interactive high-level object-o
> ii  python-central  0.6.7    register and build utility for Pyt
>
> Versions of packages fail2ban recommends:
> ii  iptables        1.4.0-1  administration tools for packet fi
> ii  whois           4.7.26   the GNU whois client
>
> -- no debconf information

--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
--- End Message ---
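
Added example, not part of the original messages and not fail2ban's own code: a minimal Python model of the gating described above, where a line with no recognised timestamp never reaches the failregex, so a filter for such a log silently bans nothing. The template lists, the IPv4-only stand-in for <HOST>, and the names match_time and process_line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# (regex locating the timestamp, strptime format) pairs; hypothetical templates.
DEFAULT_TEMPLATES = [
    (r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", "%Y-%m-%d %H:%M:%S"),
    (r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}", "%Y/%m/%d %H:%M:%S"),
]
# Extra template for the day-month-year stamps in the reported log.
DMY_TEMPLATE = (r"\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}", "%d-%m-%Y %H:%M:%S")


def match_time(line, templates):
    """Return the first timestamp any template can parse, else None."""
    for pattern, fmt in templates:
        m = re.search(pattern, line)
        if m:
            try:
                return datetime.strptime(m.group(0), fmt)
            except ValueError:
                continue  # looked like a date but was not a valid one
    return None


def process_line(line, failregex, templates):
    """Same order of checks as the quoted processLine: no time, no match."""
    when = match_time(line, templates)
    if when is None:
        return []  # the failregex is never consulted
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return [(m.group("host"), when)] if m else []


# Log line and failregex as given in the bug report.
LINE = ("17-07-2008 17:23:25 [main-6] ERROR LogonAction - "
        "[161.80.31.219] authentication failed")
FAILREGEX = r"\[<HOST>\] authentication failed"

if __name__ == "__main__":
    # Timestamp not recognised: nothing is reported even though the regex fits.
    print(process_line(LINE, FAILREGEX, DEFAULT_TEMPLATES))
    # With the day-month-year template added, the same regex yields the host.
    print(process_line(LINE, FAILREGEX, DEFAULT_TEMPLATES + [DMY_TEMPLATE]))
```

The same gating explains the report's last test: a bare '1.2.3.4' carries no timestamp at all, so even a catch-all pattern returns nothing.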

