Re: Fail2Ban and custom rules - regex inconsistency?

To: debian-user@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: Fail2Ban and custom rules - regex inconsistency?
From: bruno <bruno.debian@cyberoso.com>
Date: Mon, 20 Dec 2010 17:24:14 +0100
Message-id: <[🔎] 4D0F832E.8010400@cyberoso.com>
In-reply-to: <[🔎] 20101220144013.2867cc22@moses>
References: <[🔎] 20101220144013.2867cc22@moses>

Avi Greenbury wrote:

Hi all,

I have a log file to parse with Fail2Ban. It contains lines of the form:

2010/12/14 15:12:31 - 80.87.131.48

I've concocted a simple regexp for Fail2Ban:

  # fail2ban-regex '2010/12/14 15:12:31 - 80.87.131.48' ' - <HOST>$'

  Success, the following data were found:

[....]


So I've created a /etc/fail2ban/filter.d/adminpages.conf which contains:

  [Definition]
  #_daemon = apache

  # Option: failregex
  # Notes.:Regex to match Gary's logging script.
  # Values: TEXT

  failregex =" - <HOST>$"

ignoreregex =

But when I test this file against the log file:

# fail2ban-regex log.txt /etc/fail2ban/filter.d/adminpages.confSorry, no match


I've tried the regex in single quotes, double quotes and with no quotes
at all, and they never match in that file. I'm assuming I've got
something quite elementary wrong, but I can't work out what. I'm hoping
one of you will be able to tell me what it is.

Thanks!

Hello,

Are you certain about the format?
You test your expression on one line, why not test it on the file :

fail2ban-regex log.txt ' - <HOST>$'


Bruno

Reply to:

References:
- Fail2Ban and custom rules - regex inconsistency?
  - From: Avi Greenbury <avismailinglistaccount@googlemail.com>

Prev by Date: Re: "No devices found" in X
Next by Date: Re: "No devices found" in X
Previous by thread: Re: Fail2Ban and custom rules - regex inconsistency?
Next by thread: Important question.
Index(es):
- Date
- Thread