tags 719662 +fixed-upstream
thanks

thanks ... all those were refactored post 0.8.10 quite a bit.

I have checked with current master -- seems to be fine with your line, so 
consider it fixed upstream

$> git describe
0.8.10-145-g2aa8dde
$> ./fail2ban-regex "[Aug  1 17:17:11] NOTICE[27170] chan_sip.c: Registration 
from '"11" <sip:[email protected]>' failed for '188.138.110.45:5178' - Wrong 
password" config/filter.d/asterisk.conf

Running tests
=============

Use   failregex file : config/filter.d/asterisk.conf
Use      single line : [Aug  1 17:17:11] NOTICE[27170] chan_sip.c: Regist...


Results
=======

Failregex: 1 total
|-  #) [# of hits] regular expression
|   1) [1] ^\[\]\s*(?:NOTICE|SECURITY)(?:\[\d+\]):?(?:\[\S+\d*\])? \S+:\d* 
Registration from '[^']*' failed for '<HOST>(:\d+)?' - Wrong password$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1] MONTH Day Hour:Minute:Second
`-

Lines: 1 lines, 0 ignored, 1 matched, 0 missed




On Tue, 13 Aug 2013, Marc F. Clemente wrote:

> Package: fail2ban
> Version: 0.8.10-3
> Severity: normal

> I am using fail2ban to monitor asterisk pbx log files.  In the log files I 
> get errors like this one:

> [Aug  1 17:17:11] NOTICE[27170] chan_sip.c: Registration from '"11" 
> <sip:[email protected]>' failed for '188.138.110.45:5178' - Wrong password

> It should be caught with this regex in /etc/fail2ban/filter.d/asterisk.conf

> NOTICE%(__pid_re)s\[[^:]+\] [^:]+: Call from '[^']*' \(<HOST>:[0-9]+\) to 
> extension '[0-9]+' rejected because extension not found in context 'default'.$

> But it does not work.  I had to modify the regex to this to make it work:

> NOTICE%(__pid_re)s [^:]+: Call from '[^']*' \(<HOST>:[0-9]+\) to extension 
> '[0-9]+' rejected because extension not found in context 'default'.$

> Maybe I'm doing something wrong in my asterisk log files.

> Thanks,

> Marc



> -- System Information:
> Debian Release: jessie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)

> Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash

> Versions of packages fail2ban depends on:
> ii  lsb-base  4.1+Debian12
> ii  python    2.7.5-3

> Versions of packages fail2ban recommends:
> ii  iptables          1.4.20-1
> pn  python-pyinotify  <none>
> ii  whois             5.0.26

> Versions of packages fail2ban suggests:
> ii  mailutils [mailx]            1:2.99.98-1
> pn  python-gamin                 <none>
> ii  rsyslog [system-log-daemon]  7.4.3-1

> -- no debconf information


-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate,     Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        
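
Added example, not part of the original thread and not fail2ban's own code: a Python check of how the optional bracket group in the upstream prefix shown above behaves next to the two prefix shapes quoted in the report. The <HOST>, date and __pid_re expansions are simplified assumptions, the STRICT and RELAXED rules are hypothetical (the report's prefixes joined to the "Wrong password" tail), and both log lines are constructed.

```python
import re

# Simplified stand-ins (assumptions): fail2ban's real <HOST> and date patterns are broader.
HOST = r"(?P<host>[\w\-.^_]+)"
DATE = re.compile(r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}")
# Assumption: %(__pid_re)s expands to the PID group seen in the expanded regex above.
PID_RE = r"(?:\[\d+\])"

TAIL = r"Registration from '[^']*' failed for '<HOST>(:\d+)?' - Wrong password$"

# Prefix as printed by fail2ban-regex on master: second [...] group is optional.
UPSTREAM = r"^\[\]\s*(?:NOTICE|SECURITY)(?:\[\d+\]):?(?:\[\S+\d*\])? \S+:\d* " + TAIL
# Hypothetical rules: the two prefixes quoted in the report, joined to the same tail.
STRICT = "NOTICE" + PID_RE + r"\[[^:]+\] [^:]+: " + TAIL   # second [...] group mandatory
RELAXED = "NOTICE" + PID_RE + r" [^:]+: " + TAIL           # second [...] group forbidden

# Constructed sample lines (documentation IP and domain, made-up call id).
PLAIN = ("[Aug  1 17:17:11] NOTICE[27170] chan_sip.c: Registration from "
         "'\"11\" <sip:11@pbx.example.org>' failed for '192.0.2.45:5178' - Wrong password")
WITH_ID = PLAIN.replace("NOTICE[27170]", "NOTICE[27170][C-00000001]")


def strip_date(line):
    """Remove the timestamp, leaving the empty [] that the upstream rule expects."""
    return DATE.sub("", line, count=1)


def banned_host(rule, line):
    """Return the host a rule would report for a log line, or None if it misses."""
    match = re.search(rule.replace("<HOST>", HOST), strip_date(line))
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, rule in (("upstream", UPSTREAM), ("strict", STRICT), ("relaxed", RELAXED)):
        print(name, banned_host(rule, PLAIN), banned_host(rule, WITH_ID))
```

Only the upstream prefix reports the host for both line shapes; each of the other two misses one of them, which leaves failed registrations of that shape uncounted.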

