Thanks again Denis.
Running the regex test I get:
$ fail2ban-regex /private/var/log/stunnel.log
/usr/local/etc/fail2ban/filter.d/stunnel.conf
Running tests
=============
Use failregex filter file : stunnel, basedir: /usr/local/etc/fail2ban
Traceback (most recent call last):
File "/usr/local/Cellar/fail2ban/0.10.4/libexec/bin/fail2ban-regex", line 34,
in <module>
exec_command_line()
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/fail2banregex.py",
line 698, in exec_command_line
if not fail2banRegex.start(args):
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/fail2banregex.py",
line 599, in start
if not self.readRegex(cmd_regex, 'fail'): # pragma: no cover
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/fail2banregex.py",
line 345, in readRegex
reader.getOptions(None)
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/configreader.py",
line 319, in getOptions
self, "Definition", self._configOpts, pOpts)
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/configreader.py",
line 147, in getOptions
return self._cfg.getOptions(section, *args, **kwargs)
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/configreader.py",
line 245, in getOptions
v = self.get(sec, optname, vars=pOptions)
File
"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ConfigParser.py",
line 623, in get
return self._interpolate(section, option, value, d)
File
"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ConfigParser.py",
line 691, in _interpolate
self._interpolate_some(option, L, rawval, section, vars, 1)
File
"/usr/local/Cellar/fail2ban/0.10.4/libexec/lib/python2.7/site-packages/fail2ban/client/configparserinc.py",
line 73, in _interpolate_some
return self._cp_interpolate_some(option, accum, rest, section, map, *args,
**kwargs)
File
"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ConfigParser.py",
line 716, in _interpolate_some
"bad interpolation variable reference %r" % rest)
ConfigParser.InterpolationSyntaxError: bad interpolation variable reference
'%(__on_port_opt)\\\\n.*s_connect\\: connect .* Connection refused \\(61\\)”'
Is it the bit after ‘<HOST>’ that it does not like?
James.
> On 12 Apr 2019, at 5:59 pm, Denis Rasulev <[email protected]
> <mailto:[email protected]>> wrote:
>
> Well, looks like we only need to adjust our regex… Let’s try to simplify it:
>
> failregex = "^Service \[ssmtp\] accepted connection from
> .*<HOST>%(__on_port_opt)\\n.*s_connect\: connect .* Connection refused \(61\)"
>
> You may also test your filters without restarting fail2ban every time. For
> this, run this command:
>
> fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/stunnel.local
> --print-all-missed > ~/missed.txt
>
> And then check the output in your home directory, in `missed.txt` file.
>
> Please, pay attention that it is better to keep your own rules in .local file
> rather than adjust standard .conf files.
>
> Denis
>
>> On 12 Apr 2019, at 08:51, James Brown <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>>> On 12 Apr 2019, at 4:33 pm, Denis Rasulev <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> [Init]
>>> maxlines = 2
>>>
>>> [Definition]
>>> failregex = "^Service [ssmtp] accepted connection from
>>> ::ffff:<HOST>%(__on_port_opt)\n.*s_connect: connect ::1:25: Connection
>>> refused (61)"
>>>
>>
>> Thanks Denis.
>>
>> When I use that failregex fail2ban won’t start:
>>
>> fail2ban [39139]: ERROR Failed during configuration: bad
>> interpolation variable reference '%(__on_port_opt)\\n.*s_connect: connect
>> ::1:25: Connection refused (61)'
>>
>> James.
>
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
