Re: [Fail2ban-users] horde failregex

Tue, 11 Jun 2019 08:04:44 -0700 

Thank you very much for your answer.

I tried your suggestion but it doesn't work either. However I managed to
get it to work with the following regex "HORDE: \[(horde|imp)\] FAILED
LOGIN for \S+ to (horde|{[^}]+}) \(<HOST>\) (.*)$"

Thank you very much again.
Best regards,
David Wells.

El 11/06/2019 a las 11:25, Denis Rasulev escribió:
> Dear David,
>
> Please, try this regex:
>
> ^HORDE: \[(horde|imp)\] FAILED LOGIN for \S+ to horde \(<HOST>\) \[.*\]$
>
> You can test it like this:
>
> fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/horde.local
> --print-all-missed > /home/<your_username>/missed.txt
>
> or even like this:
>
> fail2ban-regex /var/log/auth.log '^HORDE: \[(horde|imp)\] FAILED LOGIN
> for \S+ to horde \(<HOST>\) \[.*\]$' --print-all-missed >
> /home/<your_username>/missed.txt
>
> Here you will find more info on how to test your regex with
> fail2ban-regex:
>
> http://manpages.ubuntu.com/manpages/bionic/man1/fail2ban-regex.1.html
>
> Hope this helps.
>
> Regards,
> Denis Rasulev
>
>> On 10 Jun 2019, at 18:28, David Wells - Alfavinil S.A.
>> <dwe...@alfavinil.com <mailto:dwe...@alfavinil.com>> wrote:
>>
>> Good afternoon.
>>
>> I recently upgraded Horde webmail edition to 5.2.22 and the fail2ban
>> regex isn't matching the log line even though I'm testing the regex with
>> debbuex.com <http://debbuex.com> and it says it should match. I'm not
>> very knowledgeable in
>> regular expressions and was hoping someone here could lend me a hand.
>>
>> The regex I came up with is "^ HORDE: \[(horde|imp)\] FAILED LOGIN for
>> \S+ to (horde|{[^}]+}) \(<HOST>\) (.*)$"
>>
>> A sample line to match is as follows " HORDE: [horde] FAILED LOGIN for
>> username to horde (127.0.0.1) [pid 2096 on line 199 of
>> "/var/www/horde/login.php"]"
>>
>> I replaced the real IP address with 127.0.0.1 for security purposes but
>> in the log file I have a real valid IP address.
>>
>> Thank you very much in advance,
>> David Wells.
>>
>> <dwells.vcf>_______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
>> <mailto:Fail2ban-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>

<<attachment: dwells.vcf>>

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users






















					Reply via email to