Thank you for the assist. I was expecting 682 lines to match.
Lines: 682 lines, 0 ignored, 25 matched, 657 missed [processed in 0.45 sec]
On 10/15/2017 01:40 PM, Bill Shirley wrote:
You failed to describe your problem. You got 25 matches and 657 that
didn't.
What are you expecting?
Bill
On 10/15/2017 3:47 PM, A wrote:
I can't be the first to encounter this... does anyone have a fix for
the below please?
Thank you in advance!
- Andrew
# fail2ban-regex /var/log/auth.log.1 /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use failregex filter file : sshd, basedir: /etc/fail2ban
Use maxlines : 10
Use log file : /var/log/auth.log.1
Use encoding : UTF-8
Results
=======
Failregex: 25 total
|- #) [# of hits] regular expression
| 3) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*Failed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ (?:[\da-f]{2}:){15}[\da-f]{2}(, client user ".*", client host ".*")?))?\s*$
| 5) [5] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
| 16) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*pam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [682] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-
Lines: 682 lines, 0 ignored, 25 matched, 657 missed [processed in 0.45 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 657 lines
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
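
Added example (not part of the original thread and not fail2ban's own code): the "matched"/"missed" tally in the fail2ban-regex output above counts a line as matched only when one of the failregexes fits it, so the sketch below runs the three regexes that scored hits over constructed auth.log lines. Assumptions: <HOST> is narrowed to a dotted IPv4 address, the date template is approximated by a simple regex, and the sample lines and the names classify/tally are made up for illustration.

```python
import re

# Shared prefix and distinct tails of the three sshd failregexes that scored
# hits in the fail2ban-regex output above (copied from that output).
PREFIX = (r'^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?'
          r'(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?'
          r'|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*')
TAILS = {
    3: (r'Failed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?'
        r'(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ (?:[\da-f]{2}:){15}'
        r'[\da-f]{2}(, client user ".*", client host ".*")?))?\s*$'),
    5: r'[iI](?:llegal|nvalid) user .* from <HOST>\s*$',
    16: (r'pam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*'
         r'\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$'),
}
# Assumption: <HOST> narrowed to dotted IPv4; fail2ban's expansion is broader.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
FAILREGEX = {n: re.compile(PREFIX + t.replace('<HOST>', HOST))
             for n, t in TAILS.items()}
# Simplified stand-in for the "MON Day 24hour:Minute:Second" date template.
DATE = re.compile(r'^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}')

# Constructed sample lines (documentation-range addresses), not from the thread.
SAMPLE_LOG = [
    'Oct 15 06:25:01 host1 CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)',
    'Oct 15 06:31:12 host1 sshd[1310]: Failed password for root from 203.0.113.7 port 51234 ssh2',
    'Oct 15 06:31:15 host1 sshd[1311]: Invalid user admin from 203.0.113.7',
    'Oct 15 06:31:16 host1 sshd[1311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root',
    'Oct 15 06:40:02 host1 sshd[1400]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2',
    'Oct 15 06:40:02 host1 sshd[1400]: pam_unix(sshd:session): session opened for user alice by (uid=0)',
    # Text after the address: regex 5 ends in \s*$, so this one is "missed".
    'Oct 15 06:52:40 host1 sshd[1502]: Invalid user test from 198.51.100.9 port 40112',
]

def classify(line):
    """Return (regex number, host) for the first failregex that fits, else None."""
    rest = DATE.sub('', line, count=1)   # the timestamp is cut before matching
    for number, rx in FAILREGEX.items():
        m = rx.search(rest)
        if m:
            return number, m.group('host')
    return None

def tally(lines):
    """Return (total, matched, missed), like the 'Lines:' summary row."""
    matched = sum(1 for line in lines if classify(line))
    return len(lines), matched, len(lines) - matched

if __name__ == '__main__':
    for line in SAMPLE_LOG:
        print(classify(line) or 'missed', '|', line)
    print('Lines: %d lines, %d matched, %d missed' % tally(SAMPLE_LOG))
```
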