Fail2ban python regex issue
pathiaki2 at yahoo.com
Sun Jul 24 17:08:25 UTC 2016
I solved it with a much less selective line:
^%(__prefix_line)sauth: ldap\(\S*,<HOST>\): unknown user
It grabs the correct lines and bans the correct IPs now.
Thank you for making me think 'simpler'.
On 07/24/2016 11:55, RW via freebsd-questions wrote:
> On Sat, 23 Jul 2016 17:06:53 -0400
> pathiaki2 via freebsd-questions wrote:
>> I'm extending fail2ban to catch things on FreeBSD.
>> Jul 23 00:02:48 <machine FQDN> dovecot: auth:
>> ldap(valeria,22.214.171.124): unknown user (SHA1 of given password:
>> I'm trying this:
>> ^%(__prefix_line)s(: auth: ldap\(\S+,<HOST>\):) unknown user\s*$
>> What am I missing? There's no error with the interpreter, it's just
>> not matching the line.
> I don't use fail2ban, so I may have misunderstood something, but the
> obvious answer is that the "\s*$" on the end of the regex shouldn't be
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions