fail2ban-regex is what you need to use... trust me on this, I have a bit of
experience with fail2ban.

XD



On Mon, May 20, 2024, 11:41 Maurizio Caloro <mauri...@caloro.ch> wrote:

>
>
> On 20.05.2024 at 16:30, Arturo 'Buanzo' Busleiman <
> bua...@buanzo.com.ar> wrote:
>
> 
> No, it might not be important, but considering the very focused problem
> you are trying to solve... specificity is required.
>
>
> That’s not a problem, that was only a try for a shorter solution
> „abbreviation“ but without impact.
>
> But with Python I have the possibilities to sim this, or only with
> fail2ban-regex.
>
> I think that I have enough, like this mentioned paper and the folder
> „filter.d“ as example.
>
> Thanks
>
>
> On Mon, 20 May 2024 at 11:19, Maurizio Caloro via Fail2ban-users <
> fail2ban-users@lists.sourceforge.net> wrote:
>
>> It's mostly important that I understood the syntax, so I found the
>> development documentation from version 0.9, so here it’s an overview of the
>> right syntax.
>>
>> One syntax isn't important, the global perspective is the better road.
>>
>> Thanks
>>
>> Sent from my iPhone
>>
>> On 20.05.2024 at 14:55, Nick Howitt via Fail2ban-users <
>> fail2ban-users@lists.sourceforge.net> wrote:
>>
>>  You also need to give us a bit more help, like examples of the failed
>> log you are trying to match.
>>
>> BTW, why try to match a port with \w+ and not \d+? And why \w+?.
>>
>> On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:
>>
>> It would seem that you need to learn more regex before attempting to
>> write fail2ban custom filters. It is in fact a common syntax. You just need
>> to read about the particulars.
>>
>> Please use fail2ban-regex command to test and learn.
>>
>> Bye!
>>
>> On Mon, May 20, 2024, 09:28 Maurizio Caloro <mauri...@caloro.ch> wrote:
>>
>>> Yes, thanks, yes that's true
>>>
>>>    - «.\[<HOST>\]:\ »
>>>
>>> but when I add this for example to pyrex, this didn't match.
>>>
>>>
>>>
>>> So it's not possible to find any «regexeditor» that matches with fail2ban
>>> so that I can simulate this?
>>>
>>> This also is a valid string, this matches on « Regex101 python « but not
>>> with fail2ban
>>>
>>>    - :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1
>>>
>>>
>>>
>>> Sorry, I have not yet understood which editor I can use for sim, or is
>>> fail2ban a separate unique regex interpreter?
>>>
>>> Thanks for update
>>>
>>>
>>>
>>> *From:* Nick Howitt via Fail2ban-users <
>>> fail2ban-users@lists.sourceforge.net>
>>> *Sent:* Monday, 20 May 2024 13:53
>>> *To:* fail2ban-users@lists.sourceforge.net
>>> *Subject:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question
>>> Regex
>>>
>>>
>>>
>>> Surely you need a <HOST> variable in that for f2b to work. Something
>>> like:
>>>
>>> NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1
>>>
>>> Normally you'd also expect some sort of timestamp in the logs.
>>>
>>> On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:
>>>
>>> Thanks for your answer
>>>
>>>
>>>
>>> Please, after generate this syntax, no chance to include this to
>>> Fail2ban.
>>>
>>> From 4389 found 0 hits
>>>
>>>
>>>
>>> [Appl PyRex]
>>>
>>> NON-SMTP COMMAND from.\[+.............\]:......after
>>> CONNECT:.GET./.HTTP/1.1
>>>
>>> NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1
>>>
>>>
>>>
>>> But what is wrong here?
>>>
>>> thanks
>>>
>>>
>>>
>>> *From:* Arturo 'Buanzo' Busleiman <bua...@buanzo.com.ar>
>>> *Sent:* Monday, 20 May 2024 12:47
>>> *To:* mauri...@caloro.ch
>>> *Cc:* Fail 2 Ban <Fail2ban-users@lists.sourceforge.net>
>>> *Subject:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question
>>> Regex
>>>
>>>
>>>
>>> Use pyrex or any python compatible one. Also be mindful of interpreting
>>> the filter definitions in filter.d and using fail2ban-regex as testing
>>> ground.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users <
>>> fail2ban-users@lists.sourceforge.net> wrote:
>>>
>>> Hello
>>>
>>> Please, I think the version 1.1.0 is the newest version of Fail2ban?
>>>
>>>
>>>
>>> Does this now support full regex? I see many times that I puzzle on regex101
>>> my syntax and after implement
>>>
>>> This to live system, this will be always chane.
>>>
>>>
>>>
>>> So this question, about regex compatibilities?
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> Fail2ban-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
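
Added example, not part of the thread and not fail2ban's own code: it shows why a pattern containing `<HOST>` behaves differently in a generic Python regex tester than in fail2ban, using the log line and the two patterns quoted above. `HOST_GROUP` is a simplified IPv4-only stand-in for the group fail2ban substitutes for the tag, and the function names are hypothetical.

```python
import re

# Simplified IPv4-only stand-in for what fail2ban substitutes for <HOST>
# (assumption: the real expansion also covers IPv6 and DNS names).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log line and patterns quoted in the thread.
LINE = "NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1"
NO_TAG = r"NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1"
TAGGED = r"NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1"


def compile_failregex(failregex):
    """Expand <HOST> and compile; reject patterns that cannot name a host."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex has no <HOST> tag, nothing to ban")
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def scan(failregex, lines):
    """Return the hosts captured from the lines that match (hypothetical helper)."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]


def plain_tester_matches(pattern, line):
    """What a generic Python regex tester sees: <HOST> is just literal text."""
    return re.search(pattern, line) is not None


if __name__ == "__main__":
    # Matches as a plain regex, but captures no address to act on.
    print(plain_tester_matches(NO_TAG, LINE))
    # The literal text "<HOST>" never appears in the log line.
    print(plain_tester_matches(TAGGED, LINE))
    # With the tag expanded, the address is captured from the matching line.
    print(scan(TAGGED, [LINE, "unrelated line"]))
```
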
