I have also this kind of log, maybe it's easier: Aug 3 06:25:51 ns111111 pound: 141.101.96.94 POST /xmlrpc.php HTTP/1.1 - HTTP/1.1 200 OK
So I tried this, and it's ok : fail2ban-regex 'Aug 3 06:25:51 ns111111 pound: 141.101.96.94 POST /xmlrpc.php HTTP/1.1 - HTTP/1.1 200 OK' 'ns111111 pound: <HOST> .*POST .*xmlrpc\.php.*' fail2ban-regex 'Aug 3 06:25:51 ns111111 pound: 141.101.96.94 POST /xmlrpc.php HTTP/1.1 - HTTP/1.1 200 OK' 'ns111111 pound\: <HOST> .*POST .*xmlrpc\.php.*' Thks for the help Regards -- Baka 2015-08-03 8:37 GMT+02:00 BaKaLeGuM <bakale...@gmail.com>: > thanks for your answer : > > this is my test > > Failregex > |- Regular expressions: > | [1] ^<HOST> .*POST .*xmlrpc\.php.* > | [2] ^.* server\.ovh\.net pound: my\.website\.pro <HOST> (- -) \[.*\] > \"POST.* > | > `- Number of matches: > [1] 0 match(es) > [2] 0 match(es) > > Ignoreregex > |- Regular expressions: > | > `- Number of matches: > > Summary > ======= > > Sorry, no match > > > > Is it normal that there is no xmlrpc\.php in the rule ? > > Regards > > > -- > Baka > > 2015-08-03 1:19 GMT+02:00 Harrison Johnson <hjohnson...@cox.net>: > >> try this: >> >> ^.* myserver pound: my\.website\.com <host> (- -) \[.*\] \"POST.* >> >> On Sun, 2015-08-02 at 20:21 +0200, BaKaLeGuM wrote: >> >> http://www.google.com/bot.html)" >> >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> Fail2ban-users mailing list >> Fail2ban-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >> >> >
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
