Thanks Tim. I think I got it to work.... YAY!
Matched 28 from the log
Running tests
=============
Use failregex filter file : sevpn-notclient, basedir: /etc/fail2ban
Use maxlines : 3
Use datepattern : Default Detectors
Use log file : /softethervpn/server_log/vpn_20210827.log
Use encoding : UTF-8
Results
=======
Failregex: 28 total
|- #) [# of hits] regular expression
| 1) [28] IP address\: <HOST>.*\n.*\n.*A client which is non-SoftEther
VPN software has connected to the port\..*\n
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [338] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|
?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
`-
Lines: 338 lines, 0 ignored, 84 matched, 254 missed
[processed in 0.68 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 254
It's not a perfect rule, but it works.
On Fri, 27 Aug 2021 at 09:38, Tim Boneko via Fail2ban-users <
[email protected]> wrote:
> Am Freitag, dem 27.08.2021 um 09:20 +0100 schrieb Myron:
> >
> > I have, so far, tested the failregex on a regexp expression
> > evaluator and the match is successful. I don't know how to debug
> > this using fail2ban tools.
>
> Hi!
> Take the appropriate tool called fail2ban-regex.
> Situation:
> New failregex in
> etc/fail2ban/filter.d/yourfilter.conf
> Log output in /var/log/daemon/daemon.log
>
> fail2ban-regex /var/log/daemon/daemon.log yourfilter
>
> tim
>
> > > _______________________________________________
> > > Fail2ban-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
