Re: [Fail2ban-users] [spam] Re: [spam] central syslog and hosts with hyphen in hostname.

[Yaroslav H. <li...@on...>]

so -- that was the ghost of trailing white-spaces ;-) (once again
proving the importance of providing sample logfiles as
attachments)

I have pushed "the fix":
https://github.com/fail2ban/fail2ban/commit/25f1e8d98c5a7af353b6d85d91a4b968a8425335
should be in the next release

so -- out of curiosity -- all those lines you sent me were generated on
by the same logger (which one btw?) on the server box having
obtained logs from other boxes via network? or have you composed them
manually from sample log files?

On Wed, 08 Feb 2012, Kelly Black wrote:

> Yaroslav,

> Thanks for the pointer.  I agree that the \S should work.  After testing 
> again, I tried putting just the two instances in a file (the working vs 
> the non-working and tried it using:

> fail2ban-regex ./tinyauthlog.log /etc/fail2ban/filter.d/sshd.conf

> And the rule matches, so, I would imagine my fault lies somewhere else.

> The funny thing is that I can always reproduce the error by using ssh to 
> the host with the hyphenated name and never hit the limit, but I can only 
> ssh and fail to auth to the host with the non-hyphenated name up to the 
> maxretry number of times.  I will post back when I figure it out.

> Thanks,
> Kelly
-- 
=------------------------------------------------------------------=
Keep in touch                                     www.onerussian.com
Yaroslav Halchenko                 www.ohloh.net/accounts/yarikoptic