Re: [Fail2ban-users] ubuntu 16.04 / Lines: 682 lines, 0 ignored, 25 matched, 657 missed

Sun, 15 Oct 2017 13:43:50 -0700 

Is it just me? I can't tell what the issue is!


On Sun, 15 Oct 2017 at 21:02, A <publicf...@bak.rr.com> wrote:

> I can't be the first to encounter this...  does anyone have a fix for the
> below please?
>
> Thank you in advance!
>
> - Andrew
>
> # fail2ban-regex /var/log/auth.log.1 /etc/fail2ban/filter.d/sshd.
> conf
>
> Running tests
> =============
>
> Use   failregex filter file : sshd, basedir: /etc/fail2ban
> Use         maxlines : 10
> Use         log file : /var/log/auth.log.1
> Use         encoding : UTF-8
>
>
> Results
> =======
>
> Failregex: 25 total
> |-  #) [# of hits] regular expression
> |   3) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\]
> )?(?:@vserver_\S+
> )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID
> \d+ \S+\])?\s*Failed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(:
> (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+
> (?:[\da-f]{2}:){15}[\da-f]{2}(, client user ".*", client host ".*")?))?\s*$
> |   5) [5] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\]
> )?(?:@vserver_\S+
> )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID
> \d+ \S+\])?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
> |  16) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\]
> )?(?:@vserver_\S+
> )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID
> \d+ \S+\])?\s*pam_unix\(sshd:auth\):\s+authentication
> failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
> `-
>
> Ignoreregex: 0 total
>
> Date template hits:
> |- [# of hits] date format
> |  [682] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
> `-
>
> Lines: 682 lines, 0 ignored, 25 matched, 657 missed [processed in 0.45
> sec]
> Missed line(s): too many to print.  Use --print-all-missed to print all
> 657 lines
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
-- 
-- Tony Collins

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to