1 Nov 2019, 6:20 p.m.
Hi Maykel,

I don't use fail2ban, but I've just skimmed https://fail2ban.readthedocs.io/en/latest/filters.html#developing-filter-reg... You may find the ‘debuggex’ reference useful.

failregex = Unknown User .* \(<HOST>:.*\)
...
[12:48:35.315] Server1: Unknown User 'test' (109.103.148.2)
...
Date template hits:
|- [# of hits] date format
| [6] {^LN-BEG}24hour:Minute:Second
I take that to mean it was happy with the timestamp.
failregex = Unknown User .* \(<HOST>:.*\)
How about

failregex = ^\S+: Unknown User .* \(<HOST>\)$

--
Cheers, Ralph.
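
The two expressions in this message can be compared offline with a few lines of Python. This is an added example, not part of the original message and not fail2ban code. It assumes a simplified IPv4-only stand-in for the `<HOST>` tag and assumes the filter sees each line with the timestamp and the space after it already removed; `find_host`, `compare` and the two constructed sample lines are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also covers IPv6 and hostnames).
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

ORIGINAL = r"Unknown User .* \(<HOST>:.*\)"        # expects ':' after the address
SUGGESTED = r"^\S+: Unknown User .* \(<HOST>\)$"   # anchored, address closes the line


def find_host(failregex, line):
    """Return the address captured by <HOST>, or None if the line does not match."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    return match.group("host") if match else None


# Lines as the filter is assumed to see them (timestamp already stripped).
# Only the first comes from the thread; the other two are constructed.
SAMPLES = {
    "thread": "Server1: Unknown User 'test' (109.103.148.2)",
    "with_port": "Server1: Unknown User 'test' (109.103.148.2:51234)",
    "parens_in_name": "Server1: Unknown User 'a (203.0.113.9)' (109.103.148.2)",
}


def compare():
    """Map each sample label to (host from ORIGINAL, host from SUGGESTED)."""
    return {
        label: (find_host(ORIGINAL, line), find_host(SUGGESTED, line))
        for label, line in SAMPLES.items()
    }


if __name__ == "__main__":
    for label, (original, suggested) in compare().items():
        print(f"{label:15} original={original!s:15} suggested={suggested}")
```

With the `$` anchor, the address reported for a line is the one that closes it, even when the logged user name itself contains a parenthesised address.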