Fail2Ban and custom rules - regex inconsistency?
Avi Greenbury
avismailinglistaccount at googlemail.com
Tue Dec 14 16:26:40 UTC 2010
Hi all,
I have a log file to parse with Fail2Ban. It contains lines of the form:
2010/12/14 15:12:31 - 80.87.131.48
I've concocted a simple regexp for Fail2Ban:
# fail2ban-regex '2010/12/14 15:12:31 - 80.87.131.48' ' - <HOST>$'
Success, the following data were found:
[....]
So I've created a /etc/fail2ban/filter.d/adminpages.conf which contains:
[Definition]
#_daemon = apache
# Option: failregex
# Notes.:Regex to match Gary's logging script.
# Values: TEXT
failregex =" - <HOST>$"
ignoreregex =
But when I test this file against the log file:
# fail2ban-regex log.txt /etc/fail2ban/filter.d/adminpages.conf
Sorry, no match
I've tried the regex in single quotes, double quotes and with no quotes
at all, and they never match in that file. I'm assuming I've got
something quite elementary wrong, but I can't work out what. I'm hoping
one of you will be able to tell me what it is.
Thanks!
--
Avi.
More information about the ubuntu-users
mailing list