Hello team, So, I have these kinds of lines on the zimbra 9 auth log:
Dec 5 15:43:30 mx20 mailbox-log 2023-12-02 11:13:20,110 INFO [qtp1059063940-46725701://localhost:8080/service/soap/BatchRequest] [name= x...@xxxxxx.com;oip=1.2.3.4, 5.6.7.8;ua=zclient/9.0.0_GA_4564;soapId=612ef133;] account - Error occurred during authentication: authentication failed for [cjq]. Reason: invalid password. oip can have many IPs, but the first one (1.2.3.4 in example) is the valid one. After many failed attempts, failures when trying to compile the regex when testing with fail2ban-regex. FInally, I tested this "maximum simplicity" one 'oip=<HOST>[,;].*invalid password' Any advice? Do I also need to create a dateformat? I dont think so considering the second date column, but.... Thanks! Buanzo
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
