problem with regex in Fail2ban

June 30, 2017 2.7k views
Nginx Ubuntu

Bonjour,

I try to enter a new jail for my fail2ban, but I’m not really good in regex.
My line to analyse is :
2017/06/30 06:15:19 [info] 2144#0: 257197 upstream sent invalid response: “NO AUTHENTICATE failed” while reading response from upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993
and I try with
failregex = .
upstream sent invalid response: ’.’ \client: ’<HOST>’\
and the error is
ERROR Unable to compile regular expression ’.
upstream sent invalid response: ’.’ \client: ’(?:::f{4,6}:)?(?P<host>[\w-.^_]\w)’'
I try to change a part, to find a good way… but nothing good, and all the time this error.

Thanks for your help.

3 Answers

Hi @globo

You need to use the </> button in the comment editor, so the text doesn’t lose format.

A good tool for playing around with regex is this website:
https://regex101.com/ - by the way, fail2ban is Python based, so choose that in Flavor.

Hi Hansen,

ok thanks

017/06/30 06:15:19 [info] 2144#0: *257197 upstream sent invalid response: "NO AUTHENTICATE failed" while reading response from upstream, client: 59.61.79.82:33407, server: 0.0.0.0:993
failregex = .* upstream sent invalid response: '.*' \client: '<HOST>'\

Hello
nice, works fine.
A great thanks.

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!