
Fail2Ban and custom rules - regex inconsistency?



Hi all,

I have a log file to parse with Fail2Ban. It contains lines of the form:

2010/12/14 15:12:31 - 80.87.131.48

I've concocted a simple regexp for Fail2Ban:

  # fail2ban-regex '2010/12/14 15:12:31 - 80.87.131.48' ' - <HOST>$'

  Success, the following data were found:
  
  [....]

So I've created a /etc/fail2ban/filter.d/adminpages.conf which contains:

  [Definition]
  #_daemon = apache

  # Option: failregex
  # Notes.:Regex to match Gary's logging script.
  # Values: TEXT

  failregex =" - <HOST>$"
  ignoreregex = 

But when I test this file against the log file:

   # fail2ban-regex log.txt /etc/fail2ban/filter.d/adminpages.conf 
   Sorry, no match

I've tried the regex in single quotes, double quotes and with no quotes
at all, and they never match in that file. I'm assuming I've got
something quite elementary wrong, but I can't work out what. I'm hoping
one of you will be able to tell me what it is.

Thanks!

-- 
Avi
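
Added example, not part of the original post: a Python check of what string a configparser-style reader hands over for each quoting style tried above, and whether it matches the posted log line. It goes one step beyond the post by also testing a constructed copy of the line ending in a carriage return. Assumptions: the filter file follows Python configparser semantics, and HOST_GROUP is a simplified IPv4-only stand-in for fail2ban's real <HOST> expansion.

```python
import configparser
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> expansion (assumption).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

LOG_LINE = "2010/12/14 15:12:31 - 80.87.131.48"  # line quoted in the post
LOG_LINE_CR = LOG_LINE + "\r"  # constructed: CRLF-terminated copy, "\n" already stripped


def load_failregex(value_as_typed):
    """Parse a minimal filter file and return failregex exactly as the parser sees it."""
    text = "[Definition]\nfailregex =" + value_as_typed + "\nignoreregex =\n"
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return parser.get("Definition", "failregex")


def find_host(failregex, line):
    """Expand <HOST>, search the line, return the captured address or None."""
    match = re.search(failregex.replace("<HOST>", HOST_GROUP), line)
    return match.group("host") if match else None


def check_variants():
    """Try the three quoting styles from the post against both sample lines."""
    typed = {"double": '" - <HOST>$"', "single": "' - <HOST>$'", "bare": " - <HOST>$"}
    results = {}
    for name, value in typed.items():
        regex = load_failregex(value)
        results[name] = (regex, find_host(regex, LOG_LINE), find_host(regex, LOG_LINE_CR))
    return results


if __name__ == "__main__":
    for name, (regex, plain, with_cr) in check_variants().items():
        print(f"{name:6} regex={regex!r:18} plain={plain} with_cr={with_cr}")
```

The quote characters stay in the value as literal pattern text, while the leading space of the unquoted value is stripped by the parser.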

