I'm hoping someone can help me understand this as I'm failing to find the information I need from the documentation.
As an example: 2022-04-19 09:15:56.818 For the client (IP address: 185.180.143.71, host name: "sh-phx-us-gd10-wk102.internet-census.org", port number: 42282), connection "CID-151" has been created. 2022-04-19 09:15:57.415 SSL communication for connection "CID-151" has been started. The encryption algorithm name is "RC4-MD5". 2022-04-19 09:16:15.284 Connection "CID-151" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5). 2022-04-19 09:16:15.284 Connection "CID-151" has been terminated. Here there is always one line that contains the host's IP address and then a SoftEther assigned connection ID. All subsequent log lines contain the connection ID (not the IP address.) Here is where I'm struggling....... How do I create a rule that does the following test: 2022-04-19 09:16:15.284 Connection "185.180.143.71" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5). The plain english bit is how do I get Fail2Ban to remember that CID-151 equates to IP 185.180.143.71 and then for every time it encounters CID-151, it treats that ID as 185.180.143.71.
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
