Hi,

Either I do not understand something or it's not documented.

I try to use the 'ignoreregex' in a few filters but it doesn't work?

I can take something that I'm looking for like:


24.113.14.230 - - [09/Oct/2013:18:48:19 +0000] "GET /HNAP1/ HTTP/1.1" 404 204 "http://68.186.255.231/" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20030306 Camino/0.7"

Put this expression in failregex:

^<HOST> -.*"(((GET|POST|HEAD|CONNECT).*/(HNAP(1)+/?)?.* HTTP/[12].\d+" \d\d\d )).*

And I can catch it....

Results
=======

Failregex: 9 total
|-  #) [# of hits] regular expression
|  15) [8] ^<HOST> -.*"(((GET|POST|HEAD|CONNECT).*/(HNAP(1)+/?)?.* HTTP/[12].\d+" \d\d\d )).*
`-

Ignoreregex: 0 total

However, the same expression in ignoreregex does nothing.  Simply, I
move it from the failregex to the ignoreregex definitions.  It's never
caught.  The ignoreregex still says 0 entries found.

What formatting am I missing?  Does it need to go into both fail and 
ignore?  Please assist.

I'm using fail2ban version 0.9.4
FreeBSD 10.3


Thank you,

P.
