Hi, I am trying to pick up the following from repeat entries from my mail log:
Sep 12 15:46:34 server postfix/smtpd[5131]: connect from unknown[155.133.19.129] Sep 12 15:46:34 server postfix/smtpd[5131]: disconnect from unknown[155.133.19.129] The lines are adjacent but the host may change. I've tried using the following: [Init] maxlines = 2 [Definition] _daemon = postfix/smtpd failregex = ^%(__prefix_line)sconnect from unknown\[<HOST>\]$\n^%(__prefix_line)sdisconnect from unknown\[<HOST>\]$ Each individual line works on its own but the filter fails when I test the for both lines together. I suspect it is because of the repeat use of <HOST> but it is beyond my knowledge of regex (variables?) to fix it. Can anyone help me please? Thanks, Nick ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
