Date: Sun, 24 Jul 2016 13:08:21 -0400 From: pathiaki2 <pathiaki2@yahoo.com> To: freebsd-questions@freebsd.org Subject: Re: Fail2ban python regex issue Message-ID: <1e97441f-a33e-b791-a07f-6a7b4a9af0c0@yahoo.com> In-Reply-To: <20160724165545.0e784017@gumby.homeunix.com> References: <1b35e652-1540-6eb3-9a6e-47a0cf4ce97a@yahoo.com> <20160724165545.0e784017@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I solved it with a much less selective line: ^%(__prefix_line)sauth: ldap\(\S*,<HOST>\): unknown user It grabs the correct lines and bans the correct IPs now. Thank you for making me think 'simpler'. P. On 07/24/2016 11:55, RW via freebsd-questions wrote: > On Sat, 23 Jul 2016 17:06:53 -0400 > pathiaki2 via freebsd-questions wrote: > >> Hi, >> >> I'm extending fail2ban to catch things on FreeBSD. >> ... >> Jul 23 00:02:48 <machine FQDN> dovecot: auth: >> ldap(valeria,91.200.12.148): unknown user (SHA1 of given password: >> e557ee1b78fd6978af5ea1f614597f79dc13c40e) >> >> I'm trying this: >> >> ^%(__prefix_line)s(: auth: ldap\(\S+,<HOST>\):) unknown user\s*$ >> >> What am I missing? There's no error with the interpreter, it's just >> not matching the line. > I don't use fail2ban, so I may have misunderstood something, but the > obvious answer is that the "\s*$" on the end of the regex shouldn't be > there. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1e97441f-a33e-b791-a07f-6a7b4a9af0c0>