Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex

[Maurizio Caloro via Fail2ban-users]

Its mostly important that i understod the Syntax, so i found the devlopment documentation from version 0.9. so here it’s a overview of the right syntax. One syntax arn‘t important, the global perspective are the better road. Thanks Von meinem iPhone gesendet Am 20.05.2024 um 14:55 schrieb Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net>:  You also need to give us a bit more help, like examples of the failed log you are trying to match. BTW, why try to match a port with \w+ and not \d+? And why \w+?. On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote: It would seem that you need to learn more regex before attempting to write fail2ban custom filters. It is in fact a common syntax. You just need to read about the particulars. Please use fail2ban-regex command to test and learn. Bye! On Mon, May 20, 2024, 09:28 Maurizio Caloro <mauri...@caloro.ch> wrote: Yes, thanks, yes thats true «.\[<HOST>\]:\ » but when i add this for example to pyrex, this didnt match.   So its not possible to find any «regexeditor» that match with fail2ban so that i can simulate this? This also is a valid string, this match on « Regex101 python « but not with fail2ban :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1   Sorry i have not yet understood which editor i can use for sim, or is fail2ban a separate unic regex Interpreter? Thanks for update   Von: Nick Howitt via Fail2ban-users <fail2ban-users@lists.sourceforge.net> Gesendet: Montag, 20. Mai 2024 13:53 An: fail2ban-users@lists.sourceforge.net Betreff: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex   Surely you need a <HOST> variable in that for f2b to work. Something like: NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1 Normally you'd also expect some sort of timestamp in the logs. On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote: Thanks for your answer   Please, after generate this syntax, no chance to include this to Fail2ban. From 4389 found 0 hits   [Appl PyRex] NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1 NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1   But what are wrong here? thanks   Von: Arturo 'Buanzo' Busleiman < bua...@buanzo.com.ar > Gesendet: Montag, 20. Mai 2024 12:47 An: mauri...@caloro.ch Cc: Fail 2 Ban <Fail2ban-users@lists.sourceforge.net> Betreff: Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex   Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground.       On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote: Hello Please i think the Version 1.1.0 are the newest Version from Fail2ban?   Support this now full regex?, i see meny time, that i puzzle on regex101 me syntax and after implement This to live system, this will be always chane.   So this question, about Regex compatilities ? Thanks _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users   _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users