Hello friends,
I just upgraded openssh and now have with a pair of problematic
correlated events:
2021-08-16T04:10:35.924+00:00 pawan sshd[424228]: error:
kex_exchange_identification: Connection closed by remote host
2021-08-16T04:10:35.924+00:00 pawan sshd[424228]: Connection closed by
205.185.113.128 port 35352
The first event signifies abuse that I would like to block those,
but the relevant IP is only found in the following event i.e.
correlated on (daemon=sshd, pid=424228). The 2nd event is normal
so I cannot block it unconditionally.
Is there a way to express a suitable filter?
/Allan
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
