-
Hello! Here is the docker log:
Here is the filter:
Here is the
I use fail2regex bash to test:
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Your RE is anchored at end (due to failregex = ^(?:\{"log":")?\s*sshd\[\d+\]: Invalid user <F-USER>\S*</F-USER> from <ADDR> Another variant would be to reconfigure the container:
|
Beta Was this translation helpful? Give feedback.
Your RE is anchored at end (due to
$
token), so the address is being searched at end of the line, whereas in this message format (looks like a JSON) it is in the middle of string. You can remove the anchor and it will start to work, but better use something like this (that is anchored at start):Another variant would be to reconfigure the container:
backend = systemd[journalfil…