On 2022-03-07 03:15, Richard Hector wrote:
> MarĀ 6 16:17:38 akl-host6 sshd[33035]: error:
> kex_exchange_identification: Connection closed by remote host
> MarĀ 6 16:17:38 akl-host6 sshd[33035]: Connection closed by
> 46.19.139.18 port 32834
>
(I am a little late to the party.)
The vertical bar allows multi-line expressions. Below is a sample given the
log entries you provided. I created a simple failregex for testing.
% fail2ban-regex "Mar 6 16:17:38 akl-host6 sshd[33035]: error:
kex_exchange_identification: Connection closed by remote host | Mar 6 16:17:38
akl-host6 sshd[33035]: Connection closed by 46.19.139.18 port 32834" "^.*
error\: kex_exchange_identification.*Connection closed by <HOST> port.*"
Running tests
=============
Use failregex line : ^.* error\: kex_exchange_identification.*Connectio...
Use single line : Mar 6 16:17:38 akl-host6 sshd[33035]: error: kex_...
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] ^.* error\: kex_exchange_identification.*Connection closed by <HOST>
port.*
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
[processed in 0.01 sec]
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
