From: Kelly Black <kelly@hu...> - 2012-02-09 04:09:44
I re-tried that test by stacking the deck and filling the file with just
failures to different hosts with the same attacking host.
fail2ban-regex ./tinyauthlog.log /etc/fail2ban/filter.d/sshd.conf
For a different test, I found that in the file with 3 unique hosts
attacked and a total of 361 lines, I have the final result of:
Success, the total number of match is 36
Not sure where 36 comes from, but it seems to be matching only 36 times
out of the 361 lines that should match on this rule:
|  ^\s*(?:\S+ )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
Ugh. Need to figure out my toolbox :-)
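
Added example (not part of the original message and not fail2ban's own code): a per-line audit that applies the failregex quoted above to each log line and lists the lines it does not match, which is the breakdown a single total does not give. The <HOST> expansion, the syslog timestamp stripping and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# failregex copied from the message above, split only for line length.
FAILREGEX = (
    r"^\s*(?:\S+ )?(?:@vserver_\S+ )?"
    r"(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?"
    r"|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*"
    r"Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$"
)
# Assumption: stand-in for the pattern fail2ban substitutes for <HOST>.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
# Assumption: only the classic syslog timestamp is stripped before matching;
# fail2ban's date detector knows many more formats.
SYSLOG_TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}")

def audit(lines, failregex=FAILREGEX):
    """Return (Counter of matched hosts, [(line_no, line)] that did not match)."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hosts, unmatched = Counter(), []
    for n, line in enumerate(lines, 1):
        text = line.rstrip("\n")
        m = rx.search(SYSLOG_TS.sub("", text, count=1))
        if m:
            hosts[m.group("host")] += 1
        else:
            unmatched.append((n, text))
    return hosts, unmatched

# Constructed sample lines (documentation addresses), not taken from the poster's log.
SAMPLE = [
    "Feb  8 21:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 4242 ssh2",
    "Feb  8 21:00:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2",
    "Feb  8 21:00:05 db1 sshd[877]: Failed publickey for deploy from 203.0.113.5 port 4250 ssh2",
    "Feb  8 21:00:09 web1 sshd[2101]: message repeated 3 times: [ Failed password for root from 203.0.113.5 port 4242 ssh2]",
    "Feb  8 21:00:12 web1 sshd[2105]: Accepted password for alice from 198.51.100.7 port 5111 ssh2",
]

if __name__ == "__main__":
    hosts, unmatched = audit(SAMPLE)
    print("matched per host:", dict(hosts))
    for n, text in unmatched:
        print("no match, line %d: %s" % (n, text))
```

To audit a real file, pass the open file object to audit() in place of SAMPLE.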