Help needed with fail2ban-regex guacamole docker logs #2879
Comments
You have to escape

-fail2ban-regex -v --datepattern='^\{"log":"%%H:%%M:%%S\.%%f+\s+' ...
+fail2ban-regex -v --datepattern='^\{"log":"%H:%M:%S\.%f+\s+' ...

as for RE, your (second) variant would not work (also with correct datepattern), because your message does not end with
I would do something like this:
This is more distinctive, anchored from start, and using datepattern for more precise timestamp with date (in UTC, at end of log).
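An added example, not part of the thread and not fail2ban's code: a stand-alone Python sketch of what an end-anchored timestamp has to handle in a Docker json-file line (nine fraction digits, a trailing `Z` meaning UTC). The sample line, the function names and the UTC+1 host offset are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in Docker json-file shape; the "log" text is a
# placeholder, not real guacamole output.
SAMPLE = ('{"log":"11:59:14.123 [placeholder-thread] WARN placeholder '
          'auth failure from 192.168.8.5\\n","stream":"stdout",'
          '"time":"2020-11-22T11:59:14.477692225Z"}')

# End-anchored like the datepattern discussed in the thread: date, 'T', time,
# six fraction digits, any further digits, then 'Z' or a numeric offset.
TIME_RE = re.compile(
    r',"time"\s*:\s*"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.(\d{6})\d*'
    r'(Z|[+-]\d{2}:?\d{2})"\}$')


def parse_docker_time(line):
    """Return the trailing "time" field as an aware UTC datetime, or None."""
    m = TIME_RE.search(line)
    if m is None:
        return None  # no timestamp at the very end of the line
    stamp, micros, zone = m.groups()
    if zone == "Z":
        offset = timedelta(0)  # 'Z' is an offset of zero, i.e. UTC
    else:
        digits = zone[1:].replace(":", "")
        offset = timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
        if zone[0] == "-":
            offset = -offset
    naive = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
    naive = naive.replace(microsecond=int(micros))  # nanoseconds truncated
    return naive.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def as_local(dt, utc_offset_hours):
    """Render the instant for a host at a fixed UTC offset (assumed value)."""
    local = dt.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.strftime("%a %b %d %H:%M:%S %Y")


if __name__ == "__main__":
    ts = parse_docker_time(SAMPLE)
    print("UTC      :", as_local(ts, 0))
    print("host +1h :", as_local(ts, 1))  # assumed host zone, UTC+1
```

If the zone marker is ignored, the UTC wall-clock value is read as local time and the event lands one hour off on such a host, which matters when the time is compared against a find-time window.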
A slight error has crept in above (I updated the message) - to recognize
-dp=',"time"\s*:\s*"%Y-%m-%dT%H:%M:%S\.%f\d*%Z"\}$'
+dp=',"time"\s*:\s*"%Y-%m-%dT%H:%M:%S\.%f\d*%z"\}$'
...
-| 192.168.8.5 Sun Nov 22 11:59:14 2020
+| 192.168.8.5 Sun Nov 22 12:59:14 2020
...
-| [1] ,"time"\s*:\s*"Year-Month-DayT24hour:Minute:Second\.Microseconds\d*Zone name"\}$
+| [1] ,"time"\s*:\s*"Year-Month-DayT24hour:Minute:Second\.Microseconds\d*Zone offset"\}$ |
Thank you!
Add your advice:
One last question; I want to reduce coming workload for fail2ban.filter :)
From
This runs in an error; Something I can do?
Not really. Because currently fail2ban is doing the glob interpolation and search only once at start-up (there is an issue #1379 and a lot of experimental branches which are not yet merged into core).
Yes, remove the trailing backslash.
Once again: Thank you!
Thank you!!! Appreciated!
General Information:
Distribution: Ubuntu 18.04
Fail2Ban v0.10.2
Environment:
Fill out and check ([x]) the boxes which apply. If your Fail2Ban version is outdated, and you can't verify that the issue persists in the recent release, better seek support from the distribution you obtained Fail2Ban from
my problem:
Dear sebres,
I learned a lot in the last 3 days about shell scripting :)
But regex syntax is really strange stuff; I don't understand how it works.
There are a few limitations now with this WAF product and I need to activate my good old guacamole containers.
This is what the log looks like:
Step1; Starting simple - Helpful: #2645 (comment)
Works!
Step2; Add datepattern; Helpful: #2592 (comment)
Failed :(
And using the full log string incl. „n","stream":"stdout","time":"2020-11-22T11:59:15.477692225Z"“, Step1 also returns NULL matches.
Could you please help me here a second time?