On 1/14/21 8:12 AM, Dan Mahoney (Gushi) wrote: > We have a regex that "matches" but I watch fail2ban.log with "tail > -F" and I watch match and match and match > and not ban. > I see a similar pattern here for this reason: When f2b scans a log file it finds multiple log entries of an attack, and lists them all as an INFO. Then at the end of the scan, the IP is banned. Your f2b log shows f2b was restarted before the scan was finished. After the restart, the scan continued and the IP was ultimately banned.
-- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
