Score:0

How to make a regex in Fail2ban with ip:port


First of all, English is not my native language, so if I make a mistake don't shoot me. :) Here's my problem: when I use everything works fine, as soon as a port number or a comma directly after the IP address is involved, it never has a match.

Here is a snippet from the logfile:

[08/Apr/2023 17:48:27] SMTP Spam attack detected from 91.223.169.83:60616, client sent data before SMTP greeting

In the above snippet you see the IP address followed by a colon, the port number and a comma. If I use <HOST> it doesn't match because (IMHO) of the colon, port number and comma. How do I construct a regex so that it matches only the IP address?

Sometimes it's also like 1.2.3.4, so a comma following the IP-address.

Thanks in advance for your help. Storm

markalex avatar
Please share your current regex.
Score:0

I was able to do that with the string below

Regex

\(<HOST>:\d+\)

My complete Regex

^Registration from '(?:[^']*|.*?)' failed for \(<HOST>:\d+\) - Wrong password
Storm avatar
Hi markalex, thanks for your response. Could you please clarify how it works? As far as I know the "\" is an escape character, so you can use the "(" as a normal character. If that's true, then what does "\d+" mean? As you can see, I'm not the brightest star in regex :) .
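
An added example, not part of the original posts: a failregex for the log line in the question that accepts the address with or without a port, checked in Python. The `HOST` pattern is a simplified IPv4-only stand-in for Fail2ban's `<HOST>` tag, and `FAILREGEX`, `NAIVE`, `extract_host` and the second and third sample lines are constructed for illustration.

```python
import re

# Assumption: simplified IPv4-only stand-in for Fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical filter for the log line in the question.
#   (?: ... )?  an optional, non-capturing group
#   :           a literal colon
#   \d+         one or more digits (the port number)
#   ,           the comma that follows the address in both variants
FAILREGEX = r"SMTP Spam attack detected from <HOST>(?::\d+)?, client sent data"

# Hypothetical pattern that expects a space right after the address;
# it matches neither "ip:port," nor "ip,".
NAIVE = r"SMTP Spam attack detected from <HOST> "

# Sample lines: the first is quoted from the question, the other two
# are constructed (address followed by a comma only; unrelated line).
SAMPLES = [
    "[08/Apr/2023 17:48:27] SMTP Spam attack detected from "
    "91.223.169.83:60616, client sent data before SMTP greeting",
    "[08/Apr/2023 17:50:02] SMTP Spam attack detected from "
    "1.2.3.4, client sent data before SMTP greeting",
    "[08/Apr/2023 17:51:10] SMTP connection from 192.0.2.10:50000 closed",
]


def extract_host(failregex, line):
    """Return the address the filter would capture from line, or None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    match = pattern.search(line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for sample in SAMPLES:
        print("naive:", extract_host(NAIVE, sample),
              "| with optional port:", extract_host(FAILREGEX, sample))
```

Keeping the literal text on both sides of `<HOST>` means only this specific message triggers a ban. On a host with Fail2ban installed, the `fail2ban-regex` tool tests a filter against the real log file with the real `<HOST>` expansion.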