From: Fabian W. <fa...@we...> - 2013-04-02 23:52:51
|
Hello Alex On 02.04.2013 01:06, Alex wrote: >>> My filter is very simple: >>> >>> failregex = [MASS_MAILING.* from : Total >> >> I would have suggested something like this: >> >> failregex = \[MASS_MAILING\] .* from <HOST>: Total .* recipients$ > > I tried to make it as broad as possible to make sure my filter wasn't > the cause of the failure to match. I guess the error messages was clear enough that it is the date format. But sure, reducing mistakes is always a good idea. But for filters in use, I like them to use as much information from the log as possible to identify the correct message. Most of my jails work on the same general syslog log file. And also in the case of [ and ] in the log line, you need to escape them with \[ and \]. > It turns out I was able to reformat the way squirrelmail prints its > date, so was able to then match it properly with fail2ban. Ah perfect. > I also got squirrelmail to log to syslog, which uses the well-known > date format, so have that option too. I do this with my Roundcube logging. bye Fabian |