On 20.05.2024 at 16:42, Arturo 'Buanzo' Busleiman <bua...@buanzo.com.ar> wrote:
fail2ban-regex is what you need to use... trust me on this, I have a bit of experience with fail2ban.
That's not a problem, I trust you!
Thanks for this good conversation! Regards, M
No, it might not be important, but considering the very focused problem you are trying to solve... specificity is required.
That's not a problem, that was only a try for a shorter solution "abbreviation" but without impact.
But with Python I have the possibilities to sim this, or only with fail2ban-regex.
I think that I have enough, like this mentioned paper and the folder "filter.d" as example.
Thanks. It's mostly important that I understood the syntax, so I found the development documentation from version 0.9, so here it's an overview of the right syntax.
One syntax isn't important, the global perspective is the better road.
Thanks
Sent from my iPhone
You also need to give us a bit more help, like examples of the failed log you are trying to match.
BTW, why try to match a port with \w+ and not \d+? And why \w+?.
On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:
It would seem that you need to learn more regex before attempting to write fail2ban custom filters. It is in fact a common syntax. You just need to read about the particulars.
Please use fail2ban-regex command to test and learn.
Bye!
Yes, thanks, yes that's true, but when I add this for example to pyrex, this didn't match.
So it's not possible to find any «regexeditor» that matches with fail2ban so that I can simulate this?
This also is a valid string, this matches on «Regex101 python» but not with fail2ban
- :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1
Sorry, I have not yet understood which editor I can use for sim, or is fail2ban a separate unique regex interpreter?
Thanks for the update
Surely you need a <HOST> variable in that for f2b to work. Something like:
NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1
Normally you'd also expect some sort of timestamp in the logs.
On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:
Thanks for your answer
Please, after generating this syntax, no chance to include this to Fail2ban.
From 4389 found 0 hits
[Appl PyRex]
NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1
NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1
But what is wrong here?
Thanks
Use pyrex or any python compatible one. Also be mindful of interpreting the filter definitions in filter.d and using fail2ban-regex as testing ground.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
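
Added example, not part of the original thread and not fail2ban's own code: a Python sketch of why a pattern can match in a generic regex tester yet be unusable as a failregex, using the two patterns and the log line quoted above. HOST_GROUP is an assumed, simplified stand-in for what fail2ban substitutes for <HOST>; the helper names and the second log line are constructed for illustration.

```python
import re

# Assumption: simplified stand-in for the group fail2ban substitutes for <HOST>.
# The real expansion (IPv4, IPv6, DNS names) is longer and version-dependent.
HOST_GROUP = r"(?P<host>[\w.:-]+)"

# Failregex suggested in the thread, and the fixed-width attempt without <HOST>.
SUGGESTED = r"NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1"
FIXED_WIDTH = r"NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1"

# Log line quoted in the thread, plus a constructed one with a shorter address and port.
THREAD_LINE = "NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1"
CONSTRUCTED_LINE = "NON-SMTP COMMAND from [192.0.2.7]:443 after CONNECT: GET / HTTP/1.1"


def plain_match(regex, line):
    """What a generic Python regex tester reports: does the raw pattern match?"""
    return re.search(regex, line) is not None


def find_host(failregex, line):
    """Return the address a <HOST>-style filter would extract, or None."""
    if "<HOST>" not in failregex:
        return None  # a match without <HOST> yields no address to act on
    match = re.search(failregex.replace("<HOST>", HOST_GROUP), line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, regex in (("suggested", SUGGESTED), ("fixed-width", FIXED_WIDTH)):
        for line in (THREAD_LINE, CONSTRUCTED_LINE):
            print(f"{name:12} tester={plain_match(regex, line)!s:5} "
                  f"host={find_host(regex, line)}  <- {line}")
```

The literal text <HOST> never matches in a plain tester, so substitute a group for it before pasting a failregex into one; fail2ban-regex remains the authoritative check.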