On 04/05/2021 13:39, miner1...@gmail.com wrote:
Many thanks for the reply – unfortunately it did not work, looks like I
will have to look for another log file with a date in it:
Results
=======
Failregex: 0 total
|- #) [# of hits] regular expression
| 1) [0] ^.* 401 POST .*. \(<HOST>\) .*$
`-
Ignoreregex: 0 total
|- #) [# of hits] regular expression
| 1) [0] ''
`-
Date template hits:
|- [# of hits] date format
| [0] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|
?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
| [0] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?:
ExYear)?
| [0] {^LN-BEG}(?:DAY )?MON Day ExYear %k:Minute:Second(?:\.Microseconds)?
| [0] {^LN-BEG}Day(?P<_sep>[-/])Month(?P=_sep)(?:ExYear|ExYear2)
%k:Minute:Second
| [0] {^LN-BEG}Day(?P<_sep>[-/])MON(?P=_sep)ExYear[
:]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
| [0] {^LN-BEG}Month/Day/ExYear:24hour:Minute:Second
| [0] {^LN-BEG}Month-Day-ExYear %k:Minute:Second(?:\.Microseconds)?
| [0] {^LN-BEG}Epoch
| [0] {^LN-BEG}ExYear2ExMonthExDay ?24hour:Minute:Second
| [0] {^LN-BEG}MON Day, ExYear 12hour:Minute:Second AMPM
| [0] {^LN-BEG}ExYearExMonthExDay(?:T|
?)Ex24hourExMinuteExSecond(?:[.,]Microseconds)?(?:\s*Zone offset)?
| [0] {^LN-BEG}(?:Zone name )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
| [0] {^LN-BEG}(?:Zone offset )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
| [0] {^LN-BEG}TAI64N
| [0] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|
?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
| [0] (?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
| [0] (?:DAY )?MON Day ExYear %k:Minute:Second(?:\.Microseconds)?
| [0] Day(?P<_sep>[-/])Month(?P=_sep)(?:ExYear|ExYear2) %k:Minute:Second
| [0] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[
:]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
| [0] Month/Day/ExYear:24hour:Minute:Second
| [0] Month-Day-ExYear %k:Minute:Second(?:\.Microseconds)?
| [0] Epoch
| [0] {^LN-BEG}24hour:Minute:Second
| [0] ^<Month/Day/ExYear2@24hour:Minute:Second>
| [0] ExYear2ExMonthExDay ?24hour:Minute:Second
| [0] MON Day, ExYear 12hour:Minute:Second AMPM
| [0] ^MON-Day-ExYear2 %k:Minute:Second
| [0] ExYearExMonthExDay(?:T|
?)Ex24hourExMinuteExSecond(?:[.,]Microseconds)?(?:\s*Zone offset)?
| [0] (?:Zone name )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
| [0] (?:Zone offset )?(?:DAY )?MON Day
%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
| [0] TAI64N
`-
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.07 sec]
|- Missed line(s):
| [W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F (192.168.1.141)
*From:* Rhys McWilliams <r...@castlehillcc.co.za>
*Sent:* 04 May 2021 12:50
*To:* fail2ban-users@lists.sourceforge.net
*Subject:* Re: [Fail2ban-users] New user - please help
Hi
I'm by no means an expert on this but something like this may work
failregex = ^.* 401 POST .*. \(<HOST>\) .*$
The brackets "()" need to be escaped as they have special meaning within
the regexp...
Regards
------------------------
Rhys McWilliams
On 2021/05/04 13:27, miner1...@gmail.com wrote:
Good day,
Hope you guys are doing well!
I’ve been trying for a while now to get the correct failregex for
the log entry below to ban the IP (192.168.1.141) without any
success. The log is produced by Jupyter notebooks via the “jupyter
notebook --debug > jupyter.log 2>&1” command line since I am not
aware of any other logs to use produced by Jupyter notebooks. The
“W” in the beginning of the log entry line appears to be the major
issue I’m struggling with, any help to get the failregex to capture
the “401 POST” and the host IP (192.168.1.141) from the log entry
below will be greatly appreciated.
[W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F (192.168.1.141) 5.01ms referer=https://192.168.1.193:8888/login
Many thanks in advance.
Best regards,
Jake
I don't know what you do with them to make them always run but have a
look at
https://gist.github.com/wassname/d17325f36c36fa663dd7de3c09a55e74. If
you log to stdout I think it is then picked up by your syslog program
and date and timestamps are added by it, but I'm not certain.
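
Added example, not part of the thread and not fail2ban's own code: a check of the posted failregex with Python's re module against both the full log line from the original post and the shortened line shown under "Missed line(s)". The <HOST> stand-in (IPv4 only) and the anchored pattern are assumptions made for illustration, and fail2ban's date detection and date stripping are not modelled.

```python
import ipaddress
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also covers IPv6 and hostnames).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Pattern suggested in the thread, copied as posted.
THREAD_REGEX = r"^.* 401 POST .*. \(<HOST>\) .*$"
# Hypothetical tighter candidate (not from the thread): anchored on the
# Jupyter prefix, one path token, nothing required after the address.
ANCHORED_REGEX = r"^\[W [\d:.]+ NotebookApp\] 401 POST \S+ \(<HOST>\)"

# Line from the original post, rejoined from the wrapped e-mail text.
FULL_LINE = ("[W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F "
             "(192.168.1.141) 5.01ms referer=https://192.168.1.193:8888/login")
# Line shown under "Missed line(s)" in the fail2ban-regex output.
TESTED_LINE = "[W 11:58:05.222 NotebookApp] 401 POST /login?next=%2F (192.168.1.141)"


def compile_failregex(pattern):
    """Substitute the <HOST> tag and compile with Python's re module."""
    return re.compile(pattern.replace("<HOST>", HOST_GROUP))


def extract_host(pattern, line):
    """Return the captured address, or None if the line does not match."""
    match = compile_failregex(pattern).search(line)
    if match is None:
        return None
    try:
        return str(ipaddress.ip_address(match.group("host")))
    except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
        return None


def compare():
    """Run both patterns over both sample lines."""
    return {
        (name, label): extract_host(pattern, line)
        for name, pattern in (("thread", THREAD_REGEX), ("anchored", ANCHORED_REGEX))
        for label, line in (("full", FULL_LINE), ("tested", TESTED_LINE))
    }


if __name__ == "__main__":
    for key, host in compare().items():
        print(key, "->", host)
```

The posted pattern requires a space after the closing parenthesis, so the shortened test line, which ends at ")", cannot match it; the full line does.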