hi everybody, I'm a newbie so be easy on me please :)
I have such a conf file:

    ...
    before = common.conf

    [Definition]
    _daemon = smbd
    failregex = ^%(__prefix_line)sAuth: \[SMB[0-9]\,\(null\)\] user \[.+\]\\\[.+\] at \[.+\] with \[NTLMv2\] status \[NT_STATUS_WRONG_PASSWORD\] workstation \[.+\] remote host \[ <HOST> \:.+\] .$

and in a log for testing:

    $ cat smb-log-for-fail2ban.log
    Oct 15 18:17:50 swir smbd[692711]: Auth: [SMB2,(null)] user [NNR_BI]\[mee] at [Tue, 15 Oct 2019 18:17:50.190330 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [NNRDC] remote host [ipv4:10.5.5:37308] mapped to [NNR_BI]\[mee]. local host [ipv4:172.24.154.204:445]
    3739wf aad99334 dsfasd34 433

then:

    ]$ fail2ban-regex smb-log-for-fail2ban.log /etc/fail2ban/filter.d/samba-ccnr.conf

    Running tests
    =============

    Use failregex filter file : samba-ccnr, basedir: /etc/fail2ban
    Use log file : smb-log-for-fail2ban.log
    Use encoding : UTF-8

    Results
    =======

    Failregex: 0 total

    Ignoreregex: 0 total

    Date template hits:
    |- [# of hits] date format
    |  [1] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
    `-

    Lines: 2 lines, 0 ignored, 0 matched, 2 missed
    [processed in 0.00 sec]

    |- Missed line(s):
    |  Oct 15 18:17:50 swir smbd[692711]: Auth: [SMB2,(null)] user [NNR_BI]\[mee] at [Tue, 15 Oct 2019 18:17:50.190330 BST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [NNRDC] remote host [ipv4:10.5.5.202:37308] mapped to [NNR_BI]\[mee]. local host [ipv4:10.5.5.204:445]
    |  3739wf aad99334 dsfasd34 433
    `-

What do I fail to understand when I construct my rules? What is not working?

many thanks, L.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
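
One way to see where a failregex like the one in this post stops matching, as an added example that is not part of the original message or of fail2ban: the pattern is split into segments and matched as growing prefixes against the missed line. `PREFIX` and `HOST` are simplified stand-ins for `%(__prefix_line)s` and `<HOST>`, and the `HOST_ONLY` and `ADJUSTED` tails are constructed variants, not a fix supplied by the poster or the project.

```python
import re

# Simplified stand-ins (assumptions), not fail2ban's real expansions.
PREFIX = r"\s*\S+ smbd\[\d+\]: "             # for %(__prefix_line)s
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # for <HOST>, IPv4 only

# Missed line from the post, leading timestamp removed because fail2ban
# cuts the matched date out of the line before it applies failregex.
LINE = (r"swir smbd[692711]: Auth: [SMB2,(null)] user [NNR_BI]\[mee] "
        r"at [Tue, 15 Oct 2019 18:17:50.190330 BST] with [NTLMv2] "
        r"status [NT_STATUS_WRONG_PASSWORD] workstation [NNRDC] "
        r"remote host [ipv4:10.5.5.202:37308] mapped to [NNR_BI]\[mee]. "
        r"local host [ipv4:10.5.5.204:445]")

HEAD = [PREFIX,
        r"Auth: \[SMB[0-9]\,\(null\)\] ",
        r"user \[.+\]\\\[.+\] ",
        r"at \[.+\] ",
        r"with \[NTLMv2\] ",
        r"status \[NT_STATUS_WRONG_PASSWORD\] ",
        r"workstation \[.+\] "]
# Tail as printed in the post, spaces around <HOST> included.
POSTED = HEAD + [r"remote host \[", " " + HOST + " ", r"\:.+\]", r" .$"]
# Same tail with only the host part changed to accept "[ipv4:".
HOST_ONLY = HEAD + [r"remote host \[ipv4:", HOST, r"\:.+\]", r" .$"]
# Constructed variant: also stops requiring "] " plus one character at end.
ADJUSTED = HEAD + [r"remote host \[ipv4:", HOST, r":\d+\] ", r".*$"]

def first_failing_segment(segments, line):
    """Index of the first segment that stops the match, or None."""
    for i in range(1, len(segments) + 1):
        # Backtracking still applies, so a prefix matches only if some
        # assignment of the earlier .+ groups lets segment i-1 match.
        if re.match("".join(segments[:i]), line) is None:
            return i - 1
    return None

def extract_host(segments, line):
    """Value of the host group if the whole pattern matches, else None."""
    m = re.match("".join(segments), line)
    return m.group("host") if m else None

if __name__ == "__main__":
    for name, segs in (("posted", POSTED), ("host only", HOST_ONLY),
                       ("adjusted", ADJUSTED)):
        idx = first_failing_segment(segs, LINE)
        stop = "full match" if idx is None else "stops at %r" % segs[idx]
        print("%-9s %s, host=%s" % (name, stop, extract_host(segs, LINE)))
```

Run against the line above, the posted pattern stops at the host segment, the host-only variant stops at the final ` .$`, and the adjusted variant matches with host 10.5.5.202.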
