Menu
▾
▴
Re: [Fail2ban-users] Fail2Ban regex dealing with special characters of apache logs
|
From: Fabian W. <fa...@we...> - 2013-04-17 15:20:29
|
Hello Yoyo
On 17.04.2013 16:41, Yoyo Yoyomaster wrote:
> # cat fail2ban-regex-test
> 8.8.8.8 - - [12/Apr/2013:03:05:20 +0200] "GET
> /components/com_jnews/includes/openflashchart/tmp-upload-images/sh.php?c_id=ZWNobygidDc0Mzk4MTIiKTs=
> HTTP/1.1" 404 2396 "-" "-" "-"
Use a regex like this:
^<HOST> -.*"GET \/.*php\?c_id=.*$
And here is the test output (sorry for the line wrapping):
fabian@superman:~ $ fail2ban-regex '8.8.8.8 - -
[12/Apr/2013:03:05:20 +0200] "GET
/components/com_jnews/includes/openflashchart/tmp-upload-images
/sh.php?c_id=ZWNobygidDc0Mzk4MTIiKTs= HTTP/1.1" 404 2396 "-" "-"
"-"' '^<HOST> -.*"GET \/.*php\?c_id=.*$'
Running tests
=============
Use regex line : ^<HOST> -.*"GET \/.*php\?c_id=.*$
Use single line: 8.8.8.8 - - [12/Apr/2013:03:05:20 +0200] "GET
/com...
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] ^<HOST> -.*"GET \/.*php\?c_id=.*$
`-
Ignoreregex: 0 total
Summary
=======
Addresses found:
[1]
8.8.8.8 (Fri Apr 12 03:05:20 2013)
Date template hits:
2 hit(s): Day/MONTH/Year:Hour:Minute:Second
Success, the total number of match is 1
However, look at the above section 'Running tests' which could
contain important
information.
fabian@superman:~ $
bye
Fabian
|