From 19a5a2f8c03d2c3b1fd3e7622db12619a1488ade Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Fri, 9 Feb 2018 11:43:55 +0100
Subject: [PATCH] filter.d/murmur.conf: fixed detection of failures reading
 from journal (systemd-backend only): - extended with optional prefix for the
 systemd-journal (with second date-pattern as optional match); - added
 `journalmatch` filtering; closes gh-2043

---
 config/filter.d/murmur.conf | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/config/filter.d/murmur.conf b/config/filter.d/murmur.conf
index f5f100a6..efdaf8b5 100644
--- a/config/filter.d/murmur.conf
+++ b/config/filter.d/murmur.conf
@@ -1,11 +1,6 @@
 # Fail2Ban filter for murmur/mumble-server
 #
 
-[INCLUDES]
-
-before = common.conf
-
-
 [Definition]
 
 _daemon = murmurd
@@ -15,7 +10,13 @@ _daemon = murmurd
 #      variable in your server config file (murmur.ini / mumble-server.ini).
 _usernameregex = [^>]+
 
-_prefix = \s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
+# Prefix for systemd-journal (with second date-pattern as optional match):
+#
+__prefix_journal = (?:\S+\s+%(_daemon)s\[\d+\]:(?:\s+\<W\>[\d\-]+ [\d:]+.\d+)?)
+
+__prefix_line = %(__prefix_journal)s?
+
+_prefix = %(__prefix_line)s\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from <HOST>:\d+:
 
 prefregex = ^%(_prefix)s <F-CONTENT>.+</F-CONTENT>$
 
@@ -26,6 +27,8 @@ ignoreregex =
 
 datepattern = ^<W>{DATE}
 
+journalmatch = _SYSTEMD_UNIT=murmurd.service + _COMM=murmurd
+
 # DEV Notes:
 #
 # Author: Ross Brown