Many thanks for the reply - unfortunately it did not work, looks like I will
have to look for another log file with a date in it:

 

Results

=======

 

Failregex: 0 total

|-  #) [# of hits] regular expression

|   1) [0] ^.* 401 POST .*. \(<HOST>\) .*$

`-

 

Ignoreregex: 0 total

|-  #) [# of hits] regular expression

|   1) [0] ''

`-

 

Date template hits:

|- [# of hits] date format

|  [0] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|
?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?

|  [0] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?:
ExYear)?

|  [0] {^LN-BEG}(?:DAY )?MON Day ExYear %k:Minute:Second(?:\.Microseconds)?

|  [0] {^LN-BEG}Day(?P<_sep>[-/])Month(?P=_sep)(?:ExYear|ExYear2)
%k:Minute:Second

|  [0] {^LN-BEG}Day(?P<_sep>[-/])MON(?P=_sep)ExYear[
:]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?

|  [0] {^LN-BEG}Month/Day/ExYear:24hour:Minute:Second

|  [0] {^LN-BEG}Month-Day-ExYear %k:Minute:Second(?:\.Microseconds)?

|  [0] {^LN-BEG}Epoch

|  [0] {^LN-BEG}ExYear2ExMonthExDay  ?24hour:Minute:Second

|  [0] {^LN-BEG}MON Day, ExYear 12hour:Minute:Second AMPM

|  [0] {^LN-BEG}ExYearExMonthExDay(?:T|
?)Ex24hourExMinuteExSecond(?:[.,]Microseconds)?(?:\s*Zone offset)?

|  [0] {^LN-BEG}(?:Zone name )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?

|  [0] {^LN-BEG}(?:Zone offset )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?

|  [0] {^LN-BEG}TAI64N

|  [0] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|
?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?

|  [0] (?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?

|  [0] (?:DAY )?MON Day ExYear %k:Minute:Second(?:\.Microseconds)?

|  [0] Day(?P<_sep>[-/])Month(?P=_sep)(?:ExYear|ExYear2) %k:Minute:Second

|  [0] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[
:]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?

|  [0] Month/Day/ExYear:24hour:Minute:Second

|  [0] Month-Day-ExYear %k:Minute:Second(?:\.Microseconds)?

|  [0] Epoch

|  [0] {^LN-BEG}24hour:Minute:Second

|  [0] ^<Month/Day/ExYear2@24hour:Minute:Second>

|  [0] ExYear2ExMonthExDay  ?24hour:Minute:Second

|  [0] MON Day, ExYear 12hour:Minute:Second AMPM

|  [0] ^MON-Day-ExYear2 %k:Minute:Second

|  [0] ExYearExMonthExDay(?:T|
?)Ex24hourExMinuteExSecond(?:[.,]Microseconds)?(?:\s*Zone offset)?

|  [0] (?:Zone name )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?

|  [0] (?:Zone offset )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?

|  [0] TAI64N

`-

 

Lines: 1 lines, 0 ignored, 0 matched, 1 missed

[processed in 0.07 sec]

 

|- Missed line(s):

|  [W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F (192.168.1.141)

 

From: Rhys McWilliams <r...@castlehillcc.co.za> 
Sent: 04 May 2021 12:50
To: fail2ban-users@lists.sourceforge.net
Subject: Re: [Fail2ban-users] New user - please help

 

Hi
I'm by no means an expert on this but something like this may work

failregex = ^.* 401 POST .*. \(<HOST>\) .*$

The brackets "()" need to be escaped as they have special meaning within the
regexp...

Regards
------------------------
Rhys McWilliams

On 2021/05/04 13:27, miner1...@gmail.com wrote:

Good day,

 

Hope you guys are doing well!

 

I've been trying for a while now to get the correct failregex for the log
entry below to ban the IP (192.168.1.141) without any success. The log is
produced by Jupyter notebooks via the "jupyter notebook --debug >
jupyter.log 2>&1" command line since I am not aware of any other logs to use
produced by Jupyter notebooks. The "W" in the beginning of the log entry
line appears to be the major issue I'm struggling with, any help to get the
failregex to capture the "401 POST" and the host IP (192.168.1.141) from the
log entry below will be greatly appreciated.

 

[W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F (192.168.1.141) 5.01ms
referer=https://192.168.1.193:8888/login

 

Many thanks in advance.

 

Best regards,

Jake
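
Added example, not part of the original thread and not fail2ban's own code: a Python `re` check of the suggested failregex against the two log lines quoted above. `HOST`, `STRICT_REGEX`, `failed_host`, `scan` and the `[I ...]` line are assumptions of this example; `<HOST>` is expanded to a simplified IPv4 pattern, and fail2ban's date detection (0 template hits in the output above) is not reproduced.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only). Assumption of
# this example; the real tag also accepts IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex suggested in the thread, copied verbatim.
THREAD_REGEX = r"^.* 401 POST .*. \(<HOST>\) .*$"

# Hypothetical tighter variant: anchored on the "[W ... ]" prefix, path limited
# to non-space characters, and nothing required after the closing parenthesis.
STRICT_REGEX = r"^\[W [^\]]*\] 401 POST \S+ \(<HOST>\)(?:\s|$)"

# Full log entry from the original question (joined onto one line).
FULL_LINE = ("[W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F "
             "(192.168.1.141) 5.01ms referer=https://192.168.1.193:8888/login")
# Line listed under "Missed line(s)" in the fail2ban-regex output.
TEST_LINE = "[W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F (192.168.1.141)"
# Constructed non-failure line, used to check for false positives.
OK_LINE = "[I 11:58:09.101 NotebookApp] 302 POST /login?next=%2F (192.168.1.141) 1.20ms"


def failed_host(failregex, line):
    """Return the host captured by failregex on this line, or None if missed."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    match = pattern.search(line)
    return match.group("host") if match else None


def scan(failregex, lines):
    """Return (line, host-or-None) pairs, one per input line."""
    return [(line, failed_host(failregex, line)) for line in lines]


if __name__ == "__main__":
    for name, rx in (("thread", THREAD_REGEX), ("strict", STRICT_REGEX)):
        for line, host in scan(rx, [FULL_LINE, TEST_LINE, OK_LINE]):
            print(f"{name:6} {'HIT ' + host if host else 'miss':18} {line[:60]}")
```

The suggested regex requires a space after the closing parenthesis, so it matches the full log entry but not the shortened line listed under "Missed line(s)".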






_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
<mailto:Fail2ban-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
