- Fail2Ban version (including any possible distribution suffixes): Fail2ban v0.9.3
- OS, including release name/version: Ubuntu 16.04.3 LTS
- [X] Fail2Ban installed via OS/distribution mechanisms
- [X] You have not applied any additional foreign patches to the codebase
- [ ] Some customizations were done to the configuration (provide details below if so)

### The issue: unable to match log entry if timestamp is in epoch format and not at the beginning of the line

The offending log entry:

109.145.30.225 | AuthenticationFailureEvent | guiom | 1516469849551 | guiom | {"authentication-method":"form","error":"Invalid username or password."} | @P8404Gx1057x12380x0 | 1p1yp8q

This is Bitbucket server. The timestamp is in column 4 (assuming | separators).

jail.conf matches the entry but cannot extract the date:

2018-01-20 17:37:29,555 fail2ban.filter [3271]: WARNING Found a match for '109.145.30.225 | AuthenticationFailureEvent | guiom | 1516469849551 | guiom | {"authentication-method":"form","error":"Invalid username or password."} | @P8404Gx1057x12380x0 | 1p1yp8q' but no valid date/time found for '109.145.30.225 | AuthenticationFailureEvent | guiom | 1516469849551 | guiom | {"authentication-method":"form","error":"Invalid username or password."} | @P8404Gx1057x12380x0 | 1p1yp8q'. Please try setting a custom date pattern (see man page jail.conf(5)). If format is complex, please file a detailed issue on https://github.com/fail2ban/fail2ban/issues in order to get support for this format.

[Definition]
failregex = <HOST> | AuthenticationFailureEvent | .*Invalid username or password
ignoreregex =
Dr Guillaume Peersman
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
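
An added example, not part of the original post and not Fail2Ban code: a standalone Python check that the value in column 4 of the quoted line is a 13-digit epoch in milliseconds and what UTC time it decodes to. The pattern `LINE_RE`, the function names and the second sample line are assumptions made for illustration; the pipes are escaped because an unescaped `|` in a regex is alternation, not a literal separator.

```python
import re
from datetime import datetime, timezone

# Log line quoted in the post (Bitbucket Server, pipe-separated columns).
SAMPLE = ('109.145.30.225 | AuthenticationFailureEvent | guiom | 1516469849551 | guiom | '
          '{"authentication-method":"form","error":"Invalid username or password."} | '
          '@P8404Gx1057x12380x0 | 1p1yp8q')

# Constructed line: same event type, but column 4 is not a 13-digit epoch.
BAD_SAMPLE = '203.0.113.7 | AuthenticationFailureEvent | bob | n/a | bob | {} | @X | y'

# Hypothetical pattern: host, event and user columns, then the epoch-ms
# timestamp in column 4. Every "\|" is a literal pipe.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \| (?P<event>\w+) \| (?P<user>[^|]*?) \| (?P<epoch_ms>\d{13}) \| '
)


def parse_line(line):
    """Return (host, event, user, utc_datetime), or None if the line does not fit."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Integer math keeps the millisecond part exact (no float rounding).
    secs, millis = divmod(int(m.group('epoch_ms')), 1000)
    when = datetime.fromtimestamp(secs, tz=timezone.utc).replace(
        microsecond=millis * 1000)
    return m.group('host'), m.group('event'), m.group('user'), when


def is_auth_failure(line):
    """True for a well-formed AuthenticationFailureEvent row with the login error."""
    parsed = parse_line(line)
    return (parsed is not None
            and parsed[1] == 'AuthenticationFailureEvent'
            and 'Invalid username or password' in line)


if __name__ == '__main__':
    host, event, user, when = parse_line(SAMPLE)
    print(host, event, user, when.isoformat())
    print('constructed bad line parses to:', parse_line(BAD_SAMPLE))
```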
