Hi so I'm trying to match the following log line:
E/Sun, 04 Mar 2018 21:40:32 +0100: Error logging in from RemoteIP: 1.2.3.4
And after many hours I've finally got a regex that works on debuggerex, regextester, etc. But I cannot for the life of me get fail2ban to match it.
My regex in fail2ban is as follows:
^E\/(Mon|Tue|Wed|Thu|Fri|Sat|Sun), ([0-1][0-9]) (\w\w\w) (\d\d\d\d) (00|[0-9]|1[0-9]|2[0-3]):([0-9]|[0-5][0-9]):([0-9]|[0-5][0-9]) (\+[0-9][0-9][0-9][0-9]): Error logging in from RemoteIP: <HOST>$
Am I missing something basic here or what?
Best Answer
Because I cannot spot your problem, here is the general method of fixing a fail2ban match regex.
/var/log/foo.log
fail2ban-regex /var/log/foo.log 'substring of regex'
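The substring method from the answer, automated as an added example (not code from the original post): it tries every prefix of the question's failregex and returns the longest one that still matches a line. Assumptions: `<HOST>` is replaced by a simplified IPv4 pattern, and `STRIPPED_LINE` is a constructed guess at what is left once fail2ban has cut the detected timestamp out of the line, which it does before applying failregex.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex from the question, unchanged.
FAILREGEX = (
    r"^E\/(Mon|Tue|Wed|Thu|Fri|Sat|Sun), ([0-1][0-9]) (\w\w\w) (\d\d\d\d) "
    r"(00|[0-9]|1[0-9]|2[0-3]):([0-9]|[0-5][0-9]):([0-9]|[0-5][0-9]) "
    r"(\+[0-9][0-9][0-9][0-9]): Error logging in from RemoteIP: <HOST>$"
)

# Log line from the question.
FULL_LINE = "E/Sun, 04 Mar 2018 21:40:32 +0100: Error logging in from RemoteIP: 1.2.3.4"
# Constructed variant: the same line with the timestamp cut out (assumed remainder).
STRIPPED_LINE = "E/: Error logging in from RemoteIP: 1.2.3.4"


def longest_matching_prefix(failregex, line):
    """Return the longest prefix of failregex that compiles and matches line."""
    best = ""
    for end in range(1, len(failregex) + 1):
        candidate = failregex[:end]
        try:
            compiled = re.compile(candidate.replace("<HOST>", HOST))
        except re.error:
            continue  # prefix cuts through a group, class or escape
        if compiled.search(line):
            best = candidate
    return best


def failing_remainder(failregex, line):
    """Return the part of failregex after the longest matching prefix."""
    return failregex[len(longest_matching_prefix(failregex, line)):]


if __name__ == "__main__":
    for name, line in (("full", FULL_LINE), ("stripped", STRIPPED_LINE)):
        print(name, "matches up to:", longest_matching_prefix(FAILREGEX, line))
        print(name, "breaks at:   ", failing_remainder(FAILREGEX, line)[:40])
```

The prefix where matching stops is the substring to hand to `fail2ban-regex` next.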