You also need to give us a bit more help, like examples of the failed
log you are trying to match.
BTW, why try to match a port with \w+ and not \d+? And why \w+?.
On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:
It would seem that you need to learn more regex before attempting to
write fail2ban custom filters. It is in fact a common syntax. You just
need to read about the particulars.
Please use fail2ban-regex command to test and learn.
Bye!
On Mon, May 20, 2024, 09:28 Maurizio Caloro <mauri...@caloro.ch> wrote:
Yes, thanks, yes thats true
* «.\[<HOST>\]:\ »
but when i add this for example to pyrex, this didnt match.
So its not possible to find any «regexeditor» that match with
fail2ban so that i can simulate this?
This also is a valid string, this match on « Regex101 python « but
not with fail2ban
* :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1
Sorry i have not yet understood which editor i can use for sim, or
is fail2ban a separate unic regex Interpreter?
Thanks for update
*Von:*Nick Howitt via Fail2ban-users
<fail2ban-users@lists.sourceforge.net>
*Gesendet:* Montag, 20. Mai 2024 13:53
*An:* fail2ban-users@lists.sourceforge.net
*Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github -
question Regex
Surely you need a <HOST> variable in that for f2b to work.
Something like:
NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1
Normally you'd also expect some sort of timestamp in the logs.
On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:
Thanks for your answer
Please, after generate this syntax, no chance to include this
to Fail2ban.
From 4389 found 0 hits
[Appl PyRex]
NON-SMTP COMMAND from.\[+.............\]:......after
CONNECT:.GET./.HTTP/1.1
NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET
/ HTTP/1.1
But what are wrong here?
thanks
*Von:*Arturo 'Buanzo' Busleiman <bua...@buanzo.com.ar >
<mailto:bua...@buanzo.com.ar>
*Gesendet:* Montag, 20. Mai 2024 12:47
*An:* mauri...@caloro.ch
*Cc:* Fail 2 Ban <Fail2ban-users@lists.sourceforge.net>
<mailto:Fail2ban-users@lists.sourceforge.net>
*Betreff:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github -
question Regex
Use pyrex or any python compatible one. Also be mindful of
interpreting the filter definitions in filter.d and using
fail2ban-regex as testing ground.
On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users
<fail2ban-users@lists.sourceforge.net> wrote:
Hello
Please i think the Version 1.1.0 are the newest Version
from Fail2ban?
Support this now full regex?, i see meny time, that i
puzzle on regex101 me syntax and after implement
This to live system, this will be always chane.
So this question, about Regex compatilities ?
Thanks
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
