On 07/05/2021 07:57, Iosif Fettich wrote:

Hi there,

the number after the # can change, obviously. I tried this, but fail2ban-regex said it missed:

"security: info: client @0x.* <HOST>#.* (.*): query (cache) .* denied"

So, how would I correct this regex so that it sees this 177.237.40.218 idiot? In under 5 minutes he's tried over 16k queries for the same damn thing.

Try
 "security: info: client @0x.* <HOST>#.* \(.*\): query \(cache\) .* denied"


How important are all the words in the message? Can it be simplified to:

  "security: info: client @0x.* <HOST>#.*denied"


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
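
The three patterns from this thread, checked against sample log lines. This is an added example, not part of the original messages: the log lines are constructed, and `HOST` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag.

```python
import re

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag
# (the real expansion also covers IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three patterns quoted in the thread, unchanged.
FAILREGEXES = {
    "original": r"security: info: client @0x.* <HOST>#.* (.*): query (cache) .* denied",
    "escaped": r"security: info: client @0x.* <HOST>#.* \(.*\): query \(cache\) .* denied",
    "simplified": r"security: info: client @0x.* <HOST>#.*denied",
}

# Constructed sample lines (not taken from the thread), documentation address.
CACHE_DENIED = ("security: info: client @0x7f3a1c0d2e40 192.0.2.10#3074 (sl): "
                "query (cache) 'sl/ANY/IN' denied")
OTHER_DENIED = ("security: info: client @0x7f3a1c0d2e40 192.0.2.10#3074 "
                "(example.org): query 'example.org/A/IN' denied")


def banned_host(name, line):
    """Return the address the named pattern would report, or None on a miss."""
    pattern = FAILREGEXES[name].replace("<HOST>", HOST)
    match = re.search(pattern, line)
    return match.group("host") if match else None


def report():
    """Map each pattern name to its result on both sample lines."""
    return {
        name: (banned_host(name, CACHE_DENIED), banned_host(name, OTHER_DENIED))
        for name in FAILREGEXES
    }


if __name__ == "__main__":
    for name, (cache_hit, other_hit) in report().items():
        print(f"{name:10s} cache-denied={cache_hit} other-denied={other_hit}")
```

The unescaped `(cache)` is a capture group that expects the bare word `cache`, so the original pattern misses the line. The simplified pattern also matches the second line, a denial that is not a cache query, so whether the extra words matter depends on whether those clients should be banned too.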
