On 07/05/2021 10:59, Dan Egli wrote:
On 5/7/2021 2:46 AM, Nick Howitt wrote:
Also, try starting small with something like:
".*<HOST>.*denied"
I tried that just now, fails in the file, fails on the command line.
# fail2ban-regex "07-May-2021 03:22:16.413 security: info: client
@0x7fc7b8055fc8 192.169.102.220#12001 (pizzaseo.com): query (cache)
'pizzaseo.com/RRSIG/IN' denied" ".*<HOST>.*denied"
Running tests
=============
Use failregex line : .*<HOST>.*denied
Use single line : 07-May-2021 03:22:16.413 security: info: client
@0...
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] {^LN-BEG}Day(?P<_sep>[-/])MON(?P=_sep)ExYear[
:]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.05 sec]
|- Missed line(s):
| 07-May-2021 03:22:16.413 security: info: client @0x7fc7b8055fc8
192.169.102.220#12001 (pizzaseo.com): query (cache)
'pizzaseo.com/RRSIG/IN' denied
`-
So build it up a bit:
".* <HOST>.*denied"
".* <HOST>#.*denied"
Also try escaping the #.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
