fail2ban v0.10.3
linux v4.12.14-lp150.12.58-default x86_64

The second regex (...Error Code=unknown...) below is not matching the second example. fail2ban-regex was not helpful even with --verbosity=4; it only matched the date pattern. The first regex matches without a problem.

Does anyone see what the error is?

# Capture dictionary attacks
# 20:24:51.463 1 IMAP-151473([114.104.162.36]:54046) failed to open ACCOUNT(russell_first_n...@businessmastery.us) for [114.104.162.36]:54046->[192.168.69.246]:993. Error Code=account is not available on this system
# 17:49:22.641 1 SMTPI-025271([45.13.36.34]) failed to open ACCOUNT(dan...@sma-inc.us) for [45.13.36.34]:24620->[192.168.69.246]:465. Error Code=unknown user account
#
failregex = ^.*\(\[<HOST>\]\:.*\).*?Error Code=account is not available.*$
            ^.*\(\[<HOST>\]\:.*\).*?Error Code=unknown user account*$
datepattern = %%H:%%M:%%S

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
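
Added example, not part of the original post: a Python check of both posted failregex entries against both sample lines, showing that the SMTPI line carries `([ip])` with no `:port` inside the parentheses while the posted patterns require `\]\:`. It assumes a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag; `CANDIDATE` is a hypothetical variant, not a pattern from the post.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two sample log lines quoted in the post.
IMAP_LINE = (
    "20:24:51.463 1 IMAP-151473([114.104.162.36]:54046) failed to open "
    "ACCOUNT(russell_first_n...@businessmastery.us) for "
    "[114.104.162.36]:54046->[192.168.69.246]:993. "
    "Error Code=account is not available on this system"
)
SMTPI_LINE = (
    "17:49:22.641 1 SMTPI-025271([45.13.36.34]) failed to open "
    "ACCOUNT(dan...@sma-inc.us) for [45.13.36.34]:24620->[192.168.69.246]:465. "
    "Error Code=unknown user account"
)

# The two failregex entries exactly as posted.
POSTED = [
    r"^.*\(\[<HOST>\]\:.*\).*?Error Code=account is not available.*$",
    r"^.*\(\[<HOST>\]\:.*\).*?Error Code=unknown user account*$",
]

# Hypothetical variant (not from the post): the ":port" inside the
# parentheses is optional, so "([ip])" and "([ip]:port)" both match.
CANDIDATE = r"^.*?\(\[<HOST>\](?::\d+)?\).*?Error Code=unknown user account\s*$"


def matched_host(failregex, line):
    """Expand <HOST>, apply the regex, return the captured host or None."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def client_prefix(line):
    """Return the '([...)' token after the session id, where <HOST> must match."""
    m = re.search(r"\(\[[^)]*\)", line)
    return m.group(0) if m else None


if __name__ == "__main__":
    for name, line in (("IMAP", IMAP_LINE), ("SMTPI", SMTPI_LINE)):
        print(name, "client token:", client_prefix(line))
        for i, rx in enumerate(POSTED, 1):
            print(f"  posted regex {i}:", matched_host(rx, line))
        print("  candidate:", matched_host(CANDIDATE, line))
```

Any pattern derived from this should still be confirmed with fail2ban-regex against the real log, since the real `<HOST>` expansion also covers IPv6 and hostnames.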