Hi,

I've been trying this for HOURS and just can't figure out what is going wrong... I am running Asterisk (in a Docker container) and it is logging to journald. Fail2ban is running on the host machine but this does not really matter for the problem I am having.

I am able to match a single log line (that I just copy/paste from journalctl) using fail2ban-regex -vv but not using journald directly. But if I take the Prefregex line that is output by fail2ban-regex, paste it in regex101.com (https://regex101.com/r/XuydiL/1) and also include some log lines, they do match!

So this gives a match:

fail2ban-regex -vv "Feb 17 11:28:49 s1 asterisk[584]: [Feb 17 11:28:49] NOTICE[169]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '<sip:[email protected]>' failed for '94.23.150.225:51825' (callid: 1052582086-1967824972-593464062) - Failed to authenticate" asterisk[logtype=journal]

This does not work:

fail2ban-regex systemd-journal[journalflags=1] asterisk

Running tests
=============

Use   failregex filter file : asterisk, basedir: /etc/fail2ban
Use      datepattern : {^LN-BEG} : Default Detectors
Use         systemd journal
Use         encoding : UTF-8
Use    journal match : CONTAINER_NAME=asterisk


Results
=======

Prefregex: 0 total
|  ^\s*(?:\S+\s+)?(?:asterisk(?:\s*\[\d+\])?:?\s+)?(?:kernel:\s?\[ *\d+\.\d+\]:?\s+)?(?:\[[^\]]+\]\s+)?(?:NOTICE|SECURITY|WARNING)(?:\s*\[\d+\]):?(?:\[C-[\da-f]*\])?:? [^:]+:\d*(?:(?: in)? [^:]+:)? (?P<content>.+)$
`-

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 7655 lines, 0 ignored, 0 matched, 7655 missed


I've attached some more lines from my journal.

--
Kind regards,
Pieter Hensen
2026-02-17T12:29:23.183091+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[258]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '"4222" <sip:[email protected]>' failed for '185.243.5.185:43660' (callid: 643843039) - No matching endpoint found
2026-02-17T12:29:23.214905+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[169]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '<sip:[email protected]>' failed for '67.134.29.38:5060' (callid: e5f4a262599631e4f7a636) - No matching endpoint found
2026-02-17T12:29:23.214930+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[169]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '<sip:[email protected]>' failed for '67.134.29.38:5060' (callid: e5f4a262599631e4f7a636) - Failed to authenticate
2026-02-17T12:29:23.442428+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[258]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '"4222" <sip:[email protected]>' failed for '185.243.5.185:43660' (callid: 643843039) - No matching endpoint found
2026-02-17T12:29:23.442465+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[258]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '"4222" <sip:[email protected]>' failed for '185.243.5.185:43660' (callid: 643843039) - Failed to authenticate
2026-02-17T12:29:23.474974+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[169]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '<sip:[email protected]>' failed for '67.134.29.38:5060' (callid: e5f4a262599631e4f7a636) - No matching endpoint found
2026-02-17T12:29:23.475010+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[169]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '<sip:[email protected]>' failed for '67.134.29.38:5060' (callid: e5f4a262599631e4f7a636) - Failed to authenticate
2026-02-17T12:29:23.775871+01:00 s1 asterisk[584]: [Feb 17 12:29:23] NOTICE[258]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request 'REGISTER' from '"4333" <sip:[email protected]>' failed for '185.243.5.185:43660' (callid: 4117908154) - No matching endpoint found
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
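
An offline check of the Prefregex printed in the message above, added here as an example and not part of the original post: it runs the pattern over constructed variants of one log line to show how much leading text the anchored prefix tolerates. The sample message, SIP URI and 203.0.113.7 address are constructed placeholders, and the variants are assumed line shapes, not what fail2ban's journal backend was actually handed.

```python
import re

# Prefregex exactly as printed by fail2ban-regex in the post above.
PREFREGEX = re.compile(
    r"^\s*(?:\S+\s+)?(?:asterisk(?:\s*\[\d+\])?:?\s+)?"
    r"(?:kernel:\s?\[ *\d+\.\d+\]:?\s+)?(?:\[[^\]]+\]\s+)?"
    r"(?:NOTICE|SECURITY|WARNING)(?:\s*\[\d+\]):?(?:\[C-[\da-f]*\])?:?"
    r" [^:]+:\d*(?:(?: in)? [^:]+:)? (?P<content>.+)$"
)

# Constructed sample, modelled on the log lines in the post (placeholder values).
MSG = ("[Feb 17 12:29:23] NOTICE[258]: res_pjsip/pjsip_distributor.c:673 "
       "log_failed_request: Request 'REGISTER' from '<sip:1001@example.invalid>' "
       "failed for '203.0.113.7:5060' (callid: 0000) - Failed to authenticate")

# Assumed shapes of the text left for the prefix once date handling is done.
CANDIDATES = {
    # syslog-style date already cut from the start of the line
    "date_stripped": " s1 asterisk[584]: " + MSG,
    # only the message body, no host or program prefix
    "message_only": MSG,
    # ISO timestamp still present in front of the host name
    "iso_date_left": "2026-02-17T12:29:23.183091+01:00 s1 asterisk[584]: " + MSG,
    # two arbitrary tokens before "asterisk" (hypothetical extra field)
    "extra_token": "s1 extra asterisk[584]: " + MSG,
}


def prefix_content(line):
    """Return the <content> group the failregexes would see, or None on a miss."""
    m = PREFREGEX.match(line)
    return m.group("content") if m else None


def report(candidates=CANDIDATES):
    """Map each candidate name to True (prefix matched) or False (missed)."""
    return {name: prefix_content(line) is not None
            for name, line in candidates.items()}


if __name__ == "__main__":
    for name, hit in report().items():
        print(f"{name:14} {'match' if hit else 'MISS'}")
```

The pattern allows at most one free-form token before `asterisk`, so any line shape with more leading text than that is counted as missed before a failregex is ever tried.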
