Sergey G. Brester
Sergey G. Brester
By the way, you don't need `ignoreregex` to ignore some domains... Just specify it as a negative lookahead directly in `failregex`, for example: ```ini failregex = ^%(__prefix_journal)s\s*level=debug msg="Answering question for...
@thezoggy, @mitchellkrogza Interested to make a PR?
> I did some research and found out that there really is no single line of pptp log which would tell you both the IP address and the auth result....
> The important lines are the first one and the last one of this excerpt. Hmm... I see no failure (rather it is authorized), and IP is present in same...
> Or is there some kind of empty filter? Sure (`filter =`). But jail without a logpath (or journal) is not possible at the moment (there is no such backend...
Just to link #2932 (it needs a json pre-processor, so both RFE can be handled together if such "transformer" functionality gets implemented).
> `maxlines = 8` > `......` The issue with this filter (as with many other multi-line filters in old format with `maxlines`) is - it cannot good distinguish ambiguities or...
"Doesn't work" doesn't exists in computing. What exactly happens? What does say fail2ban-regex? How looks log-excerpt you were testing it against? And what does "I'll try" mean in this context?
First `.+` is a catch-all, thus `^\s.+` makes no sense here (and at least makes RE unanchored left). As a result your prefregex is pretty vulnerable. Don't do that. I...
Yes, if you explicitly need a common include, otherwise `\w+` (or even `\S+`) will be enough: ```ini [Definition] prefregex = ^\s*\w+ pptpd\[[^\]]+\]: CTRL: .+$ failregex = ^Client control connection (?:started|finished)...