9 Nov
2019
9 Nov
'19
3:42 p.m.
Hi Maykel,
failregex = ^\S+: Unknown User .* \(<HOST>\)$
Thanks for your help but not working... https://imgur.com/a/w0F2JSC
That image shows
Unknown User .* \(<HOST>:.*\)
but that's not what I suggested, e.g. you have a colon after the <HOST> and as there is no colon in ‘(109.103.148.2)’ then the regexp is not going to match.
what you suggested didn't work either
You still aren't trying what I suggested. The regexp I'm suggesting is for fail2ban. It can't be put into regex101.com unaltered. Nor can the test input be the line to match against because fail2ban alters it before applying the regular expression. I suggest you test and develop the regexp you want using fail2ban, e.g. fail2ban-regex. -- Cheers, Ralph.