[Fail2ban-users] failregex

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

i have an issue with an insane amount of hits on my ftp. that's why i
installed fail2ban on my box. it seems though that i can't seem to get
it working and i think it has to do with the failregex for vsftpd.
here is my info:

centos 4.5
vsftpd-2.0.1-5.EL4.5
fail2ban-0.6.2-1.el4.rf

vsftpd section of fail2ban.conf:
logfile = /var/log/messages
failregex = vsftpd: \(pam_unix\) authentication failure; .*rhost=(?P<host>\S+)

the vsftpd attempts in /var/log/messages looks like this though:
Sep 11 06:40:41 mail vsftpd(pam_unix)[22973]: authentication failure;
logname= uid=0 euid=0 tty= rusers= rhost=218.93.117.89

i'm not sure but i think it has to do with the failregex expression
being incorrect. any help on this would be appreciated. i don't
understand the syntax required for failregex.
Thanks.