catching timestamp formats?

[murdocklawless]

timestamp format in log file is;

[05-Oct-2021 17:09:39 +0300]

how can I catch this?

[sebres]

Huh?
This is default datepattern (at least in all current versions), thus 05-Oct-2021 17:09:39 +0300 should be matched without to set datepattern additionally (and [] can be matched as a part of failregex):

PoC, fail2ban-regex test default pattern

$ fail2ban-regex '[05-Oct-2021 17:09:39 +0300] 192.0.2.1' '^\s*(?:\[\]\s+)?<ADDR>'

Running tests
=============

Use   failregex line : ^\s*(?:\[\]\s+)?<ADDR>
Use      single line : [05-Oct-2021 17:09:39 +0300] 192.0.2.1


Results
=======

Failregex: 1 total
|-  #) [# of hits] regular expression
|   1) [1] ^\s*(?:\[\]\s+)?<ADDR>
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1] {^LN-BEG}Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 1 lines, 0 ignored, 1 matched, 0 missed
[processed in 0.00 sec]

If you need a exact pattern rather - you can set datepattern = ^\[%%d-%%b-%%Y %%H:%%M:%%S(?: %%z)?\]\s:

PoC, fail2ban-regex test with exact pattern

$ fail2ban-regex -d '^\[%d-%b-%Y %H:%M:%S(?: %z)?\]\s' '[05-Oct-2021 17:09:39 +0300] 192.0.2.1' '^\s*<HOST>'

Running tests
=============

Use      datepattern : ^\[%d-%b-%Y %H:%M:%S(?: %z)?\]\s : ^\[Day-MON-Year 24hour:Minute:Second(?: Zone offset)?\]\s
Use   failregex line : ^\s*<HOST>
Use      single line : [05-Oct-2021 17:09:39 +0300] 192.0.2.1


Results
=======

Failregex: 1 total
|-  #) [# of hits] regular expression
|   1) [1] ^\s*<HOST>
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1] ^\[Day-MON-Year 24hour:Minute:Second(?: Zone offset)?\]\s
`-

Lines: 1 lines, 0 ignored, 1 matched, 0 missed
[processed in 0.00 sec]