filter.d/recidive.conf - restore possibility to set jail name in th…

…e filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail);

closes gh-3769

ChangeLog

@@ -20,6 +20,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
   - sshd backend switched to `systemd` (gh-3292)
 * `action.d/firewallcmd-ipset.conf`:
   - rename `ipsettype` to `ipsetbackend` (gh-2620), parameter `ipsettype` will be used now to the real set type (gh-3760)
+* `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (gh-3769)
 
 ### New Features and Enhancements
 * `action.d/*-ipset.conf`:

config/filter.d/recidive.conf

@@ -24,14 +24,15 @@ before = common.conf
 _daemon = (?:fail2ban(?:-server|\.actions)\s*)
 
 # The name of the jail that this filter is used for. In jail.conf, name the jail using
-# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`
-_jailname = recidive
+# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`,
+# default all jails excepting recidive
+_jailname = (?!recidive\])[^\]]*
 
-failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[<_jailname>\]\s+Ban\s+<HOST>
 
 [lt_short]
 _daemon = (?:fail2ban(?:-server|\.actions)?\s*)
-failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[<_jailname>\]\s+Ban\s+<HOST>
 
 [lt_journal]
 _daemon = <lt_short/_daemon>