Am Donnerstag, dem 28.10.2021 um 18:25 +0200 schrieb Andrea Venturoli: > > > # fail2ban-regex "Oct 28 17:42:02 zzzz imaps[93940]: badlogin: > > [1.2.3.4] plaintext yyyyyyy SASL(-13): authentication failure: > > checkpass failed" 'badlogin: [^\[]*\[<HOST>\] \S+ .*?\[?SASL\(- > > 13\): (authentication failure|user not found): .*\]?$' > > ... > > Lines: 1 lines, 0 ignored, 1 matched, 0 missed > > > Any hint on what to try next?
To me, it seems easier (and less error-prone) to run fail2ban-regex directly on the log file: fail2ban-regex /var/log/whatever/service.log cyrus (if cyrus is the name of the filter) I'll test your failregex pretty soon. Cheers, tim _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
