From: Martin W. <ma...@wa...> - 2010-09-16 18:27:57
|
Hi René, Am 16.09.2010 um 19:54 schrieb René Berber: > On 9/16/2010 1:17 AM, Martin Waschbuesch wrote: > > [snip] >> But although I use the exact same logfile and failregex, fail2ban >> itself will not recognize anything. > > failregex also didn't recognize the date-stamp, usually you get 2 > results, one for the target regex, and another for the date stamp > regexes... or did you strip that part? Ah, I didn't realize and no, I did not strip that part. >> However, if I (just for testing), >> start a process: tail -f /var/log/qmail/dovecot/current |tai64nlocal >>>> /var/log/test.log >> >> and point fail2ban to /var/log/test.log instead, everything works >> like expected. >> >> Now, this looks like there is some difference in the way >> fail2ban-regex and fail2ban treat tai64n timestamps or what else >> might I be missing? > > Nothing, looks like a bug elsewhere, not in fail2ban. I tested your log > line (test.log): Hm, but that is exactly the point, isn't it? fail2ban-regex does recognize matches (and prints them with a datestamp), so why does fail2ban itself not block based on that information? Martin |