could you share auth.log in question?
> The Sarge version from official backports seems to work:
you meant etch?
and there is no official backports in Debian project ;-) there is backports.org
though ;-)
On Thu, 22 Nov 2007, Jozef Janitor wrote:
> Package: fail2ban
> Version: 0.7.5-2
> Debian version: Etch
> The "fail2ban-regex" command is has problems with the input parameters.
> When I invoke "fail2ban-regex /var/log/auth.log
> /etc/fail2ban/filter.d/sshd.conf" it ends up with "Sorry, no match" result.
> [code]
> jozjan:~# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
> Sorry, no match
> [/code]
> When I invoke "fail2ban-regex foo foo" it ends up with this message:
> [code]
> jozjan:~# fail2ban-regex foo foo
> Found a match but no valid date/time found for foo. Please contact the
> author in order to get support for this format
> Sorry, no match
> [/code]
> The Sarge version from official backports seems to work:
> [code]
> ns:~# fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
> Running tests
> =============
> Use regex file : /etc/fail2ban/filter.d/sshd.conf
> Use log file : /var/log/auth.log
> Results
> =======
> Failregex
> |- Regular expressions:
> | [1] (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
> | [2] Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
> | [3] ROOT LOGIN REFUSED.* FROM <HOST>\s*$
> | [4] [iI](?:llegal|nvalid) user .* from <HOST>\s*$
> | [5] User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
> | [6] User .+ from <HOST> not allowed because none of user's groups are
> listed in AllowGroups\s*$
> `- Number of matches:
> [1] 0 match(es)
> [2] 58 match(es)
> [3] 0 match(es)
> [4] 0 match(es)
> [5] 0 match(es)
> [6] 0 match(es)
> Ignoreregex
> |- Regular expressions:
> `- Number of matches:
> Summary
> =======
> Addresses found:
> [1]
> [2]
> 147.x.x.x (Thu Nov 22 02:00:59 2007)
> 147.x.y.z (Thu Nov 22 02:03:05 2007)
> ...
> [3]
> [4]
> [5]
> [6]
> Date template hits:
> 58 hit(s): Month Day Hour:Minute:Second
> 0 hit(s): Weekday Month Day Hour:Minute:Second Year
> 0 hit(s): Weekday Month Day Hour:Minute:Second
> 0 hit(s): Year/Month/Day Hour:Minute:Second
> 0 hit(s): Day/Month/Year:Hour:Minute:Second
> 0 hit(s): Year-Month-Day Hour:Minute:Second
> 0 hit(s): Day-Month-Year Hour:Minute:Second[.Millisecond]
> 0 hit(s): TAI64N
> 0 hit(s): Epoch
> Success, the total number of match is 58
> However, look at the above section 'Running tests' which could contain
> important
> information.
> [/code]
> Although the sarge backport version is 0.8.1-2~bpo31+1, which is a "complete
> rewrite of 0.7 version", so maybe the behavior of fail2ban-regex in the 0.7
> brand is a bit different. But whatever the behavior is, it's not working in
> Etch :-(
> Thank you.
> All the best,
> Jozef Janitor
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
