Hey all,

I'm using:

root@asterisk:/var/lib/fail2ban# fail2ban-client version
0.9.6

On Debian 9.13, installed via apt-get.

Our main use is to protect our wide-open (global user base) Asterisk server from the world.

We have a regex that "matches", but I watch fail2ban.log with "tail -F" and I watch it match and match and match and not ban. If I do a service fail2ban restart, suddenly it wakes up and bans that IP.

fail2ban-regex DOES show that the strings are matching.

Here's a log snippet.  Note when the pid changes due to a restart.

An example:

2021-01-14 14:37:36,372 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:37:52,231 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:12,388 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:13,180 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:13,455 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:14,320 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:20,429 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:22,656 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:23,965 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:26,510 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:35,727 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:35,833 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:39,515 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:46,427 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:50,407 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:51,061 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:53,332 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:54,173 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:55,435 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:38:57,805 fail2ban.filter [13850]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:11,130 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:11,130 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:11,131 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:16,630 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:19,613 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:22,519 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:22,806 fail2ban.actions [27587]: NOTICE [asterisk] Ban 5.135.143.184
2021-01-14 14:39:25,819 fail2ban.filter [27587]: INFO [asterisk] Found 5.135.143.184
2021-01-14 14:39:32,858 fail2ban.actions [27587]: NOTICE [asterisk] 5.135.143.184 already banned
2021-01-14 14:39:34,862 fail2ban.actions [27587]: NOTICE [asterisk] 5.135.143.184 already banned
2021-01-14 14:39:36,864 fail2ban.actions [27587]: NOTICE [asterisk] 5.135.143.184 already banned


--

"And, a special guest, from the future, miss Ria Pischell.  Miss Pischell,
as you all know, is the inventor of the Statiophonic Oxygenetic
Amplifiagraphaphonadelaverberator, and it's pretty hard to imagine life
without one of those.

-Rufus, Bill & Ted's Bogus Journey


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org
---------------------------



_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
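
A way to measure the symptom reported above from fail2ban.log, as an added example that is not part of the original post and is not fail2ban code: it groups "Found" lines by server PID, jail and address and reports sources that reached a threshold inside a time window with no "Ban" from that PID. The function name, the maxretry and findtime values, and the sample log are assumptions; set the two values to the jail's configured ones.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the "Found" and "Ban" lines in the format shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.(?:filter|actions)\s+\[(?P<pid>\d+)\]:\s+"
    r"(?:INFO|NOTICE)\s+\[(?P<jail>[^\]]+)\] (?P<event>Found|Ban) (?P<ip>\S+)")
TS_FMT = "%Y-%m-%d %H:%M:%S,%f"

# Constructed sample (shortened; addresses are from documentation ranges).
SAMPLE_LOG = """\
2021-01-14 14:37:36,372 fail2ban.filter [13850]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:37:52,231 fail2ban.filter [13850]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:38:12,388 fail2ban.filter [13850]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:38:13,180 fail2ban.filter [13850]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:38:13,455 fail2ban.filter [13850]: INFO [asterisk] Found 198.51.100.7
2021-01-14 14:38:14,320 fail2ban.filter [13850]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:39:11,130 fail2ban.filter [27587]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:39:19,613 fail2ban.filter [27587]: INFO [asterisk] Found 192.0.2.10
2021-01-14 14:39:22,806 fail2ban.actions [27587]: NOTICE [asterisk] Ban 192.0.2.10
2021-01-14 14:39:32,858 fail2ban.actions [27587]: NOTICE [asterisk] 192.0.2.10 already banned
"""

def stalled_sources(log_text, maxretry=5, findtime=600):
    """Return {(pid, jail, ip): n} where n >= maxretry "Found" lines fell inside
    one findtime-second window and that PID never logged a "Ban" for the ip."""
    hits, banned = defaultdict(list), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "already banned" and unrelated lines are ignored
        key = (int(m["pid"]), m["jail"], m["ip"])
        if m["event"] == "Ban":
            banned.add(key)
        else:
            hits[key].append(datetime.strptime(m["ts"], TS_FMT))
    stalled = {}
    for key, times in hits.items():
        start = best = 0
        for end, t in enumerate(times):  # sliding window over Found timestamps
            while (t - times[start]).total_seconds() > findtime:
                start += 1
            best = max(best, end - start + 1)
        if key not in banned and best >= maxretry:
            stalled[key] = best
    return stalled

if __name__ == "__main__":
    for (pid, jail, ip), n in stalled_sources(SAMPLE_LOG).items():
        print(f"pid {pid} [{jail}] {ip}: {n} matches, no ban")
```

A non-empty result for the PID that is currently running gives a concrete list of addresses and counts to attach to a report like the one above.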
