filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only):

- extended with optional prefix for the systemd-journal (with second date-pattern as optional match);
- added `journalmatch` filtering;
closes gh-2043

config/filter.d/murmur.conf

@@ -1,11 +1,6 @@
 # Fail2Ban filter for murmur/mumble-server
 #
 
-[INCLUDES]
-
-before = common.conf
-
-
 [Definition]
 
 _daemon = murmurd
@@ -15,7 +10,13 @@ _daemon = murmurd
 #      variable in your server config file (murmur.ini / mumble-server.ini).
 _usernameregex = [^>]+
 
-_prefix = \s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
+# Prefix for systemd-journal (with second date-pattern as optional match):
+#
+__prefix_journal = (?:\S+\s+%(_daemon)s\[\d+\]:(?:\s+\<W\>[\d\-]+ [\d:]+.\d+)?)
+
+__prefix_line = %(__prefix_journal)s?
+
+_prefix = %(__prefix_line)s\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
 
 prefregex = ^%(_prefix)s <F-CONTENT>.+</F-CONTENT>$
 
@@ -26,6 +27,8 @@ ignoreregex =
 
 datepattern = ^<W>{DATE}
 
+journalmatch = _SYSTEMD_UNIT=murmurd.service + _COMM=murmurd
+
 # DEV Notes:
 #
 # Author: Ross Brown