By: globo

problem with regex in Fail2ban

June 30, 2017 371 views
Nginx Ubuntu

Hello,

I'm trying to add a new jail to my fail2ban, but I'm not really good at regex.
The line I want to analyse is:
2017/06/30 06:15:19 [info] 2144#0: 257197 upstream sent invalid response: "NO AUTHENTICATE failed" while reading response from upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993
and I tried with
failregex = .
upstream sent invalid response: '.' \client: '<HOST>'\
and the error is
ERROR Unable to compile regular expression '.
upstream sent invalid response: '.' \client: '(?:::f{4,6}:)?(?P<host>[\w-.^_]\w)'\'
I tried changing parts of it to find a way that works... but nothing works, and I get this error every time.

Thanks for your help.

3 Answers

Hi @globo

You need to use the </> button in the comment editor, so the text doesn't lose its formatting.

A good tool for playing around with regex is this website:
https://regex101.com/ - by the way, fail2ban is Python based, so choose that in Flavor.

Hi Hansen,

ok thanks

    2017/06/30 06:15:19 [info] 2144#0: *257197 upstream sent invalid response: "NO AUTHENTICATE failed" while reading response from upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993
    failregex = .* upstream sent invalid response: '.*' \client: '<HOST>'\

  • Try this instead:

    failregex = upstream sent invalid response: .+ client: <HOST>:
    

Hello,
Nice, works fine.
Many thanks.
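
The two failregex values from this thread, checked against the posted log line with Python's `re` module (the engine fail2ban uses). This is an added example, not part of the original posts: `HOST_STANDIN` is a simplified IPv4-only assumption in place of fail2ban's real `<HOST>` expansion, and `expand`, `check`, `QUOTES_ONLY` and `UNRELATED` are hypothetical names and constructed inputs.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
# The real expansion also covers hostnames/IPv6 and varies by version.
HOST_STANDIN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log line from the question.
LOG_LINE = (
    '2017/06/30 06:15:19 [info] 2144#0: *257197 upstream sent invalid '
    'response: "NO AUTHENTICATE failed" while reading response from '
    'upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993'
)
# Constructed line for a false-positive check (not from the thread).
UNRELATED = ('2017/06/30 06:15:20 [info] 2144#0: *257198 client '
             '59.61.79.82:33408 connected to 0.0.0.0:993')

# As posted in the question: stray backslashes and single quotes.
ORIGINAL = r".* upstream sent invalid response: '.*' \client: '<HOST>'" + "\\"
# Constructed variant: backslashes removed, single quotes kept.
QUOTES_ONLY = r".* upstream sent invalid response: '.*' client: '<HOST>'"
# As posted in the accepted answer.
WORKING = r"upstream sent invalid response: .+ client: <HOST>:"


def expand(failregex):
    """Substitute the <HOST> tag before compiling, as fail2ban does."""
    return failregex.replace("<HOST>", HOST_STANDIN)


def check(failregex, line):
    """Return ('error', msg), ('miss', None) or ('hit', host)."""
    try:
        pattern = re.compile(expand(failregex))
    except re.error as exc:
        # "\c" is not a valid escape, and a trailing "\" escapes nothing.
        return ("error", str(exc))
    match = pattern.search(line)
    return ("hit", match.group("host")) if match else ("miss", None)


if __name__ == "__main__":
    cases = [("original", ORIGINAL, LOG_LINE),
             ("quotes only", QUOTES_ONLY, LOG_LINE),  # log has " not '
             ("working", WORKING, LOG_LINE),
             ("working vs unrelated line", WORKING, UNRELATED)]
    for name, regex, line in cases:
        print(f"{name}: {check(regex, line)}")
```

On a host with fail2ban installed, `fail2ban-regex` run against the real log file and filter performs the same check with the actual `<HOST>` expansion.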
