When I run it, it tells me that I had xxx matches but I can't figure out 
how to list them.

fail2ban-regex secure /etc/fail2ban/filter.d/sshd.conf

Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/sshd.conf
Use         log file : secure


Results
=======

Failregex: 302 total
|-  #) [# of hits] regular expression
|   3) [212] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] 
)?(?:@vserver_\S+ 
)?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID
 \d+ \S+\])?\s*Failed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: 
(ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ (?:[\da-f]{2}:){15}[\da-f]{2}(, 
client user ".*", client host ".*")?))?\s*$
|   5) [90] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] 
)?(?:@vserver_\S+ 
)?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID
 \d+ \S+\])?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [7179] MONTH Day Hour:Minute:Second
`-

Lines: 7179 lines, 0 ignored, 302 matched, 6877 missed
Missed line(s):: too many to print.  Use --print-all-missed to print all 6877 
lines

Thanks,
Jim.

------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users