From: pathiaki2
To: freebsd-questions@freebsd.org
Subject: Re: Fail2ban python regex issue
Date: Sun, 24 Jul 2016 13:08:21 -0400

I solved it with a much less selective line:

^%(__prefix_line)sauth: ldap\(\S*,\): unknown user

It grabs the correct lines and bans the correct IPs now.

Thank you for making me think 'simpler'.

P.

On 07/24/2016 11:55, RW via freebsd-questions wrote:
> On Sat, 23 Jul 2016 17:06:53 -0400
> pathiaki2 via freebsd-questions wrote:
>
>> Hi,
>>
>> I'm extending fail2ban to catch things on FreeBSD.
>> ...
>> Jul 23 00:02:48 dovecot: auth:
>> ldap(valeria,91.200.12.148): unknown user (SHA1 of given password:
>> e557ee1b78fd6978af5ea1f614597f79dc13c40e)
>>
>> I'm trying this:
>>
>> ^%(__prefix_line)s(: auth: ldap\(\S+,\):) unknown user\s*$
>>
>> What am I missing? There's no error with the interpreter, it's just
>> not matching the line.
>
> I don't use fail2ban, so I may have misunderstood something, but the
> obvious answer is that the "\s*$" on the end of the regex shouldn't be
> there.
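
The two failregex lines from this thread, checked against the quoted Dovecot log line in plain Python; this is an added example, not code from either poster or from fail2ban. It assumes the archived copy lost fail2ban's `<HOST>` tag between the comma and `\)`, and `PREFIX` and `HOST` are simplified stand-ins for what fail2ban substitutes for `%(__prefix_line)s` and `<HOST>`.

```python
import re

# Simplified stand-ins (assumptions), not fail2ban's real expansions.
PREFIX = r"\w{3} +\d+ [\d:]+ (?:\S+ )?dovecot: "  # timestamp, optional hostname, daemon tag
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"        # IPv4 only

# Log line quoted in the thread, rejoined onto one line.
LINE = ("Jul 23 00:02:48 dovecot: auth: ldap(valeria,91.200.12.148): "
        "unknown user (SHA1 of given password: "
        "e557ee1b78fd6978af5ea1f614597f79dc13c40e)")

# Regexes from the thread, with <HOST> restored (assumption, see lead-in).
FIRST_TRY = r"^%(__prefix_line)s(: auth: ldap\(\S+,<HOST>\):) unknown user\s*$"
WORKING = r"^%(__prefix_line)sauth: ldap\(\S*,<HOST>\): unknown user"
# The working regex with only the end anchor put back, to isolate its effect.
ANCHORED = WORKING + r"\s*$"


def expand(failregex):
    """Substitute the stand-ins for the fail2ban placeholders."""
    return failregex.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)


def banned_host(failregex, line=LINE):
    """Return the address the rule would capture from the line, or None."""
    m = re.search(expand(failregex), line)
    return m.group("host") if m else None


if __name__ == "__main__":
    for name, rx in (("first try", FIRST_TRY),
                     ("working + \\s*$", ANCHORED),
                     ("working", WORKING)):
        print(f"{name:16} -> {banned_host(rx)}")
```

The anchored variant fails because the log line continues with the "(SHA1 of given password: ...)" text after "unknown user". On a live system, `fail2ban-regex` runs a filter against the real log file with fail2ban's own expansions.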