fail2ban/config/filter.d/ejabberd-auth.conf

# Fail2Ban configuration file
#
# Author: Steven Hiscocks
#
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#          Multiline regexs should use tag "<SKIPLINES>" to separate lines.
#          This allows lines between the matching lines to continue to be
#          searched for other failures. This tag can be used multiple times.
# Values:  TEXT
#
failregex = ^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:wait_for_feature_request:\d+ \([^\)]+\) Failed authentication for \S+ from IP <HOST>$
ENH: ejabberd filter 2014-01-09 22:44:50 +00:00			`# Fail2Ban configuration file`
			`#`
			`# Author: Steven Hiscocks`
			`#`
			`#`

			`[Definition]`

			`# Option: failregex`
			`# Notes.: regex to match the password failures messages in the logfile. The`
			`# host must be matched by a group named "host". The tag "<HOST>" can`
			`# be used for standard IP/hostname matching and is only an alias for`
			`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
			`# Multiline regexs should use tag "<SKIPLINES>" to separate lines.`
			`# This allows lines between the matching lines to continue to be`
			`# searched for other failures. This tag can be used multiple times.`
			`# Values: TEXT`
			`#`
			`failregex = ^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:wait_for_feature_request:\d+ \([^\)]+\) Failed authentication for \S+ from IP <HOST>$`