Hello Myron, hello list!
Am Donnerstag, dem 26.08.2021 um 19:24 +0100 schrieb Myron:
>
> 2021-08-26 01:28:41.847 Connection "CID-584" terminated by the cause
> "A client which is non-SoftEther VPN software has connected to the
> port." (code 5).
> 2021-08-26 01:28:41.857 Connection "CID-584" has been terminated.
>
Matching against that (code 5) string would be the easy part; () would
have to be escaped with \ like this: \(code 5 \)
The trickier part is the missing IP address in the affected line. The
log looks pretty verbose to me. Is it possible to configure the
logging?
If not, i'm lost for ideas right now. I guess you aren't the first to
block hosts based on more than 1 log line. I guess "multiline" is what
you are looking for.
Cheers,
tim
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
