Thank you for the assist. The issue is that 657 lines were missed.
Lines: 682 lines, 0 ignored, 25 matched, 657 missed [processed in 0.45 sec]
On 10/15/2017 01:41 PM, Tony Collins wrote:
Is it just me? I can't tell what the issue is!
On Sun, 15 Oct 2017 at 21:02, A <publicf...@bak.rr.com> wrote:
I can't be the first to encounter this... does anyone have a fix
for the below please?
Thank you in advance!
- Andrew
# fail2ban-regex /var/log/auth.log.1 /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use failregex filter file : sshd, basedir: /etc/fail2ban
Use maxlines : 10
Use log file : /var/log/auth.log.1
Use encoding : UTF-8
Results
=======
Failregex: 25 total
|- #) [# of hits] regular expression
| 3) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*Failed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ (?:[\da-f]{2}:){15}[\da-f]{2}(, client user ".*", client host ".*")?))?\s*$
| 5) [5] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
| 16) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*pam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [682] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-
Lines: 682 lines, 0 ignored, 25 matched, 657 missed [processed in 0.45 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 657 lines
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
-- Tony Collins