Before I ask my regex question, there's a small typo I found in jail.conf.
Where it says "log-warning" in the MySQL section it should be
"log_warnings" instead. That is what can be put into the /etc/my.cnf file
else there is "--log-warnings" that can also be added to the command that
runs mysql but there is no "log-warning" as we see in jail.conf.
https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_log_warnings


And here's where I need help, my mysqld.log file shows:
2016-06-17T15:15:41.206828-05:00   16 Connect   [email protected] on using TCP/IP
2016-06-17T15:15:41.206861-05:00   16 Connect   Access denied for user 'root'@'192.168.233.10' (using password: YES)

But the regex tries to find a line like this:
130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)

Regex line is:
failregex = ^%(__prefix_line)s(\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[Warning\] Access denied for user '\w+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$

I have experience with regex but I'm having trouble getting the date out and
I don't know what this __prefix_line actually means. It will be much
appreciated if anyone can help me create a new regex, thanks!

Using
CentOS Linux release 7.2.1511 (Core)
Server version: 5.7.12-log MySQL Community Server (GPL)
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
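
Added example (not part of the original post and not fail2ban's own filter): a Python check of the quoted failregex against both log lines from the post, plus a hypothetical candidate pattern for the 5.7 line. PREFIX and HOST are simplified stand-ins for %(__prefix_line)s and <HOST>; because fail2ban normally cuts the timestamp it recognised out of the line before applying failregex, the 5.7 line is tested with and without it.

```python
import re

# Simplified stand-ins (assumptions): the real %(__prefix_line)s comes from
# filter.d/common.conf and the real <HOST> also accepts hostnames and IPv6.
PREFIX = r"\s*"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TAIL = (r"Access denied for user '\w+'@'<HOST>' "
        r"(to database '[^']*'|\(using password: (YES|NO)\))*\s*$")

# failregex as quoted in the post (wrapped lines joined).
STOCK = r"^%(__prefix_line)s(\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[Warning\] " + TAIL

# Hypothetical candidate for the 5.7 general-log line: optional ISO 8601
# timestamp, thread id, the "Connect" command, then the same tail.
ISO_TS = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+(?:Z|[+-]\d{2}:\d{2})"
CANDIDATE = r"^%(__prefix_line)s(?:" + ISO_TS + r")?\s*\d+ Connect\s+" + TAIL

# Log lines copied from the post.
OLD_LINE = ("130322 11:26:54 [Warning] Access denied for user "
            "'root'@'127.0.0.1' (using password: YES)")
NEW_LINE = ("2016-06-17T15:15:41.206861-05:00   16 Connect   Access denied "
            "for user 'root'@'192.168.233.10' (using password: YES)")

def expand(failregex):
    """Substitute the stand-ins for the fail2ban placeholders."""
    return failregex.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)

def strip_timestamp(line):
    """Model fail2ban removing the matched timestamp from the line."""
    return re.sub(ISO_TS, "", line, count=1)

def find_host(failregex, line):
    """Return the captured host, or None when the line does not match."""
    m = re.search(expand(failregex), line)
    return m.group("host") if m else None

if __name__ == "__main__":
    for name, rx in (("stock", STOCK), ("candidate", CANDIDATE)):
        for line in (OLD_LINE, NEW_LINE, strip_timestamp(NEW_LINE)):
            print(f"{name:9} -> {find_host(rx, line)!r:18} {line[:50]!r}")
```

The stock pattern fails on the 5.7 line because the general log writes a thread id and "Connect" where the pattern requires the literal "[Warning]"; fail2ban-regex can confirm the result against the real mysqld.log and installed filter.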