Okay, I don't know what I'm doing wrong but apparently I REALLY suck at writing regular expressions. I'm trying to create an expression that would catch these lines:

07-May-2021 00:00:52.925 security: info: client @0x7f2ef8030298 177.237.40.218#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
07-May-2021 00:00:52.925 security: info: client @0x7f2ef801b528 177.237.40.218#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
07-May-2021 00:00:52.925 security: info: client @0x7f2ef80104c8 177.237.40.218#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied

The number after the # can change, obviously. I tried this, but fail2ban-regex said it missed:

"security: info: client @0x.* <HOST>#.* (.*): query (cache) .* denied"

So, how would I correct this regex so that it sees this 177.237.40.218 idiot? In under 5 minutes he's tried over 16k queries for the same damn thing.

--
Dan Egli
From my Test Server

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
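
Added example, not part of the original post: a check of the posted failregex against the posted log lines, next to one possible correction. fail2ban failregexes are Python regular expressions, so an unescaped ( or ) opens or closes a capture group instead of matching a literal parenthesis. HOST below is a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and find_hosts is a hypothetical helper.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# fail2ban's own expansion also covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex from the post, unchanged.
ORIGINAL = r"security: info: client @0x.* <HOST>#.* (.*): query (cache) .* denied"

# One possible correction: literal parentheses escaped, wildcards narrowed
# so a crafted query name cannot shift where <HOST> is captured.
CORRECTED = (r"security: info: client @0x[0-9a-f]+ <HOST>#\d+ "
             r"\([^)]*\): query \(cache\) '[^']*' denied$")

PREFIX = "07-May-2021 00:00:52.925 security: info: client "
TAIL = " (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied"
LINES = [
    # The three lines from the post.
    PREFIX + "@0x7f2ef8030298 177.237.40.218#80" + TAIL,
    PREFIX + "@0x7f2ef801b528 177.237.40.218#80" + TAIL,
    PREFIX + "@0x7f2ef80104c8 177.237.40.218#80" + TAIL,
    # Constructed: same client, different source port.
    PREFIX + "@0x7f2ef80104c8 177.237.40.218#53211" + TAIL,
    # Constructed: unrelated log line that must not match.
    "07-May-2021 00:01:00.000 general: info: zone example.com/IN: loaded serial 1",
]


def find_hosts(failregex, lines):
    """Return the host captured from each line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    print("original :", find_hosts(ORIGINAL, LINES))
    print("corrected:", find_hosts(CORRECTED, LINES))
```

The original pattern requires the text "query cache" with no parentheses, which never appears in the log, so it matches nothing.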