-
Having trouble getting a regex pattern to work with fail2ban. I'm trying to ban ip address from failed authentications on realvncserver and I'm not getting it to work. Some help would be welcome. Thank you. the current filter:
Log |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
You don't need filter for such simple stuff (can write failregex directly in jail): [vncserver]
failregex = ^\s*\S+\s+\S+\[\d+\]: Connections: disconnected: <ADDR>::\d+ \(\S+\) \(\[AuthFailure\]
enabled = true (this will work for fail2ban versions >= 0.10, for versions smaller than 0.10, replace |
Beta Was this translation helpful? Give feedback.
You don't need filter for such simple stuff (can write failregex directly in jail):
(this will work for fail2ban versions >= 0.10, for versions smaller than 0.10, replace
<ADDR>
with<HOST>
and setusedns = no
in jail, but I have no idea whether defaultdatepattern
of v.0.9 would find timestamp2021-05-31T17:34:27.479Z
, if not - specify customdatepattern
in init section of filter).