fail2ban v0.10.3
linux v4.12.14-lp150.12.58-default x86_64

  The second regex (...Error Code=unknown...) below is not matching the
second example. fail2ban-regex was not helpful even with --verbosity=4;
it only matched the date pattern.
  The first regex matches without a problem.
  Does anyone see what the error is?


# Capture dictionary attacks
# 20:24:51.463 1 IMAP-151473([114.104.162.36]:54046) failed to open ACCOUNT([email protected]) for [114.104.162.36]:54046->[192.168.69.246]:993. Error Code=account is not available on this system

# 17:49:22.641 1 SMTPI-025271([45.13.36.34]) failed to open ACCOUNT([email protected]) for [45.13.36.34]:24620->[192.168.69.246]:465. Error Code=unknown user account
#
failregex = ^.*\(\[<HOST>\]\:.*\).*?Error Code=account is not available.*$
            ^.*\(\[<HOST>\]\:.*\).*?Error Code=unknown user account*$

datepattern = %%H:%%M:%%S


-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
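
Added example, not part of the original post: both posted patterns require a colon directly after the bracketed address inside the parentheses, which the IMAP line has (`]:54046)`) and the SMTPI line does not (`])`). The script below replays both sample lines against the posted patterns and against a hypothetical rewrite with an optional port; the `HOST` stand-in, the `REVISED` pattern and the account name are assumptions made for this example.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also covers IPv6 and DNS names).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log lines modelled on the two examples in the post; the account name is a
# constructed placeholder.
IMAP_LINE = ("20:24:51.463 1 IMAP-151473([114.104.162.36]:54046) failed to open "
             "ACCOUNT(user@example.com) for "
             "[114.104.162.36]:54046->[192.168.69.246]:993. "
             "Error Code=account is not available on this system")
SMTP_LINE = ("17:49:22.641 1 SMTPI-025271([45.13.36.34]) failed to open "
             "ACCOUNT(user@example.com) for "
             "[45.13.36.34]:24620->[192.168.69.246]:465. "
             "Error Code=unknown user account")

# The two failregex lines exactly as posted.
POSTED = [
    r"^.*\(\[<HOST>\]\:.*\).*?Error Code=account is not available.*$",
    r"^.*\(\[<HOST>\]\:.*\).*?Error Code=unknown user account*$",
]

# Hypothetical rewrite: the port after the bracketed address is optional, and
# both error texts share one pattern.
REVISED = (r"^.*\(\[<HOST>\](?::\d+)?\)\s+failed to open ACCOUNT\(.*"
           r"Error Code=(?:account is not available|unknown user account)")


def match_host(failregex, line):
    """Return the captured host, or None when the pattern does not match."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def report():
    """Per sample line: hosts found by each posted pattern and by REVISED."""
    samples = (("IMAP", IMAP_LINE), ("SMTP", SMTP_LINE))
    return [(name, [match_host(p, line) for p in POSTED],
             match_host(REVISED, line)) for name, line in samples]


if __name__ == "__main__":
    for name, posted, revised in report():
        print(name, "posted:", posted, "revised:", revised)
```

Date stripping is not simulated here because the leading `^.*` absorbs whatever remains of the timestamp; a candidate pattern still needs a run through fail2ban-regex against the real log.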

