From: Nick H. <ni...@ho...> - 2024-05-20 12:54:31
You also need to give us a bit more help, like examples of the failed log you are trying to match. BTW, why try to match a port with \w+ and not \d+? And why \w+?

On 20/05/2024 13:36, Arturo 'Buanzo' Busleiman wrote:
> It would seem that you need to learn more regex before attempting to
> write fail2ban custom filters. It is in fact a common syntax. You just
> need to read about the particulars.
>
> Please use fail2ban-regex command to test and learn.
>
> Bye!
>
> On Mon, May 20, 2024, 09:28 Maurizio Caloro <mau...@ca...> wrote:
>
> Yes, thanks, yes that's true
>
> * «.\[<HOST>\]:\ »
>
> but when I add this, for example, to pyrex, this didn't match.
>
> So it's not possible to find any «regexeditor» that matches with
> fail2ban so that I can simulate this?
>
> This also is a valid string, this matches on « Regex101 python » but
> not with fail2ban
>
> * :\w+:\w+-\w+\w+\w+\w+\[<HOST>\]:\w+?w+?1.1
>
> Sorry, I have not yet understood which editor I can use for sim, or
> is fail2ban a separate unique regex interpreter?
>
> Thanks for update
>
> *From:* Nick Howitt via Fail2ban-users <fai...@li...>
> *Sent:* Monday, 20 May 2024 13:53
> *To:* fai...@li...
> *Subject:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
>
> Surely you need a <HOST> variable in that for f2b to work.
> Something like:
>
> NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1
>
> Normally you'd also expect some sort of timestamp in the logs.
>
> On 20/05/2024 12:37, Maurizio Caloro via Fail2ban-users wrote:
>
> Thanks for your answer
>
> Please, after generating this syntax, no chance to include this
> in Fail2ban.
>
> From 4389 found 0 hits
>
> [Appl PyRex]
>
> NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1
>
> NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1
>
> But what is wrong here?
>
> thanks
>
> *From:* Arturo 'Buanzo' Busleiman <bu...@bu...>
> *Sent:* Monday, 20 May 2024 12:47
> *To:* mau...@ca...
> *Cc:* Fail 2 Ban <Fai...@li...>
> *Subject:* Re: [Fail2ban-users] Fail2ban V1.1.0 from Github - question Regex
>
> Use pyrex or any python compatible one. Also be mindful of
> interpreting the filter definitions in filter.d and using
> fail2ban-regex as testing ground.
>
> On Mon, May 20, 2024, 07:21 Maurizio Caloro via Fail2ban-users
> <fai...@li...> wrote:
>
> Hello
>
> Please, I think the Version 1.1.0 is the newest version
> of Fail2ban?
>
> Does this now support full regex? Many times I puzzle out my
> syntax on regex101, and after implementing
> this on the live system, this will always change.
>
> So this question, about regex compatibilities?
>
> Thanks
>
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
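The point about <HOST> made in the thread, as an added example (not part of any message above and not fail2ban's own code): a failregex pasted unchanged into a generic Python regex tester treats <HOST> as literal text, so it only behaves like it does in fail2ban once the tag is expanded into a capturing group. HOST_GROUP is an assumed, IPv4-only simplification of that expansion, and SHORT_PORT_LINE is a constructed log line.

```python
import re

# Assumption: simplified IPv4-only stand-in for the group fail2ban substitutes
# for <HOST>; the real expansion also covers IPv6 and DNS names.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log line and both patterns as quoted in the thread.
LOG_LINE = "NON-SMTP COMMAND from [64.62.197.214]:13465 after CONNECT: GET / HTTP/1.1"
FAILREGEX = r"NON-SMTP COMMAND from.\[<HOST>\]:\d+ after CONNECT:.GET./.HTTP/1.1"
DOTTED = r"NON-SMTP COMMAND from.\[+.............\]:......after CONNECT:.GET./.HTTP/1.1"

# Constructed sample: same event with a shorter address and port.
SHORT_PORT_LINE = "NON-SMTP COMMAND from [203.0.113.7]:443 after CONNECT: GET / HTTP/1.1"


def expand(failregex):
    """Swap the <HOST> tag for a named capturing group."""
    return failregex.replace("<HOST>", HOST_GROUP)


def find_host(failregex, line, expand_tag=True):
    """Return the captured host, '' if the line matches but no host group
    exists, or None if the line does not match at all."""
    pattern = expand(failregex) if expand_tag else failregex
    match = re.search(pattern, line)
    if match is None:
        return None
    return match.groupdict().get("host", "")


if __name__ == "__main__":
    cases = [
        ("failregex pasted as-is, <HOST> literal", FAILREGEX, LOG_LINE, False),
        ("failregex with <HOST> expanded", FAILREGEX, LOG_LINE, True),
        ("fixed-width dots, no <HOST>", DOTTED, LOG_LINE, True),
        ("fixed-width dots, shorter port", DOTTED, SHORT_PORT_LINE, True),
        ("failregex, shorter port", FAILREGEX, SHORT_PORT_LINE, True),
    ]
    for label, regex, line, expand_tag in cases:
        print(f"{label:42} -> {find_host(regex, line, expand_tag)!r}")
```

The authoritative check is still the fail2ban-regex command recommended in the thread, run against the real log file and filter.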