Hi Bill,
I had tried fail2ban-regex and am aware of the epoch format but still there is
an issue:
1) If I isolate the timestamp from the log entry (1516469849551) and test with
a dummy IP as follows, it fails:
fail2ban-regex -v '1516469849551 1.2.3.4' ''
Running tests
=
Use
See what data patterns fail2ban is using. Run fail2ban-regex
(change for your log file and filter) with the -v switch:
fail2ban-regex -v /var/log/httpd/access_log /etc/fail2ban/filter.d/my_apache_access.conf
I have a server using version 0.9.3 which gives:
Date template hits:
|- [# of hits]
- Fail2Ban version (including any possible distribution suffixes): Fail2ban v0.9.3
- OS, including release name/version: Ubuntu 16.04.3 LTS
- [X] Fail2Ban installed via OS/distribution mechanisms
- [X] You have not applied any additional foreign patches to the codebase
- [ ] Some customizations