Hi,

I have this again in my logwatch:


Received disconnect:
    11:  [preauth]
       221.229.162.7 : 6 Time(s)
       221.229.166.101 : 3 Time(s)
       58.218.199.96 : 1 Time(s)
       58.218.204.107 : 1 Time(s)
       58.218.204.211 : 4 Time(s)
       58.218.204.215 : 5 Time(s)
       58.218.204.23 : 6 Time(s)
       58.218.204.80 : 2 Time(s)
       58.218.211.17 : 4 Time(s)


I have this line in my configuration file /etc/fail2ban/filter.d/shd.conf:
^%(__prefix_line)sReceived disconnect from <HOST>: 11:  \[preauth\]\s*$


When I test that, I match the IPs and they are in the findtime but they are 
never banned.


How is it possible?

Thank you for any advice.


Christophe.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
