From: Sven N. <s.n...@ko...> - 2007-08-10 09:15:51
|
Hi, I am new with fail2ban. I want to use fail2ban with qpopper. So I want to log for this expression in /var/log/mail.log Aug 10 09:56:55 openX in.qpopper[3708]: [AUTH] Failed attempted login to sven from host (sven.xxxx.xxx) 192.168.255.150 [pop_pass.c:1383] So made up this regexp: failregex = Failed attempted login .* from <HOST>\s* But it is not working. I can use on the linux shell cat /var/log/auth.log | grep " Failed attempted login .* from \s*" which shows me the lines with failed logins. Is ther a good documentation how to use regexp in fail2ban? I am thanksfull for any help. Sven |
From: Yaroslav H. <li...@on...> - 2007-08-10 16:32:56
|
> failregex = Failed attempted login .* from <HOST>\s* use this one: Failed attempted login to \S+ from host (\S+) <HOST>(?: \[pop_pass\.c.*\])? > Is ther a good documentation how to use regexp in fail2ban? just any documentation on python's regexp would suffice ;-) -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |