problem with regex in Fail2ban

June 30, 2017 1.2k views
Nginx Ubuntu
globo
By:
globo

Bonjour,

I try to enter a new jail for my fail2ban, but I'm not really good in regex.
My line to analyse is :
2017/06/30 06:15:19 [info] 2144#0: 257197 upstream sent invalid response: "NO AUTHENTICATE failed" while reading response from upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993
and I try with
failregex = . upstream sent invalid response: '.' \client: '<HOST>'\
and the error is
ERROR Unable to compile regular expression '. upstream sent invalid response: '.' \client: '(?:::f{4,6}:)?(?P<host>[\w-.^_]\w)'\'
I try to change a part, to find a good way... but nothing good, and all the time this error.

Thanks for your help.

Log In to Comment
3 Answers
hansen June 30, 2017

Hi @globo

You need to use the </> button in the comment editor, so the text doesn't lose format.

A good tool for playing around with regex is this website:
https://regex101.com/ - by the way, fail2ban is Python based, so choose that in Flavor.

Reply
globo June 30, 2017

Hi Hansen,

ok thanks

017/06/30 06:15:19 [info] 2144#0: *257197 upstream sent invalid response: "NO AUTHENTICATE failed" while reading response from upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993

failregex = .* upstream sent invalid response: '.*' \client: '<HOST>'\
Reply
  • hansen June 30, 2017

    Try this instead:

    failregex = upstream sent invalid response: .+ client: <HOST>:
globo July 10, 2017

Hello
nice, works fine.
A great thanks.

Reply
Have another answer? Share your knowledge.

Related Questions