Hi,

Could you please help to write a regex to catch log entries like this:

Jan 21 19:05:23 localhost sshd[25817]: Invalid user  from 185.246.128.25 port 28758

As you can see, after 'Invalid user' there is a space and for some reason it is 
not being processed by this regex:

^Invalid user \S+ from <HOST>(?: (?:port \d+|on \S+)){0,2}$

which successfully catches other log entries like this:

Jan 21 19:05:23 localhost sshd[25817]: Invalid user admin from 185.246.128.25 port 28758

Any ideas?
Thanks.
Denis

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
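
An added example, not part of the original post and not fail2ban's own code: it runs the posted regex and one possible relaxation (`\S*` in place of `\S+`) over the two log entries above to show that `\S+` needs at least one character in the user name, so the empty name never matches. The `HOST` and `PREFIX` patterns and the `matched_host` helper are assumptions made for this sketch.

```python
import re

# Assumption: a simplified IPv4-only stand-in for fail2ban's <HOST> tag,
# which in fail2ban itself also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Assumption: the failregex is applied to the message after the syslog/sshd
# prefix, since the posted regex is anchored at "Invalid user".
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: ")

# The regex from the post: \S+ requires at least one non-space character.
ORIGINAL = r"^Invalid user \S+ from <HOST>(?: (?:port \d+|on \S+)){0,2}$"
# One possible relaxation: \S* also accepts an empty user name, while the
# ^ and $ anchors and the fixed " from " separator stay in place.
RELAXED = r"^Invalid user \S* from <HOST>(?: (?:port \d+|on \S+)){0,2}$"

# Constructed from the two log entries in the post (mail line wrapping undone).
EMPTY_USER = ("Jan 21 19:05:23 localhost sshd[25817]: "
              "Invalid user  from 185.246.128.25 port 28758")
NAMED_USER = ("Jan 21 19:05:23 localhost sshd[25817]: "
              "Invalid user admin from 185.246.128.25 port 28758")


def matched_host(failregex, line):
    """Return the host captured by failregex, or None if the line does not match."""
    message, stripped = PREFIX.subn("", line)
    if stripped == 0:
        return None  # not an sshd line in the assumed format
    match = re.search(failregex.replace("<HOST>", HOST), message)
    return match.group("host") if match else None


if __name__ == "__main__":
    for label, regex in (("original", ORIGINAL), ("relaxed", RELAXED)):
        for kind, line in (("named user", NAMED_USER), ("empty user", EMPTY_USER)):
            print(f"{label:8} | {kind:10} | {matched_host(regex, line)}")
```

A candidate regex can be checked the same way against the real filter and log file with the `fail2ban-regex` tool that ships with fail2ban.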