ENH: more filter expressions for freeswitch. Anchored existing one at end too

config/filter.d/freeswitch.conf

@@ -5,10 +5,13 @@
 
 [Definition]
 
-failregex = ^\.\d+ \[WARNING\] sofia_reg.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
+failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
+            ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
+            ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
 
 ignoreregex =
 
 # Author: Rupa SChomaker, soapee01, Daniel Black
 # http://wiki.freeswitch.org/wiki/Fail2ban
+# Thanks to Jim on mailing list of samples and guidance
 #

testcases/files/logs/freeswitch

@@ -1,2 +1,11 @@
 # failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "81.94.202.251" }
 2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1533 SIP auth challenge (INVITE) on sofia profile 'internal' for [011448708752617@192.168.2.51] from ip 81.94.202.251
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1478 SIP auth failure (INVITE) on sofia profile 'internal' for [000972543480510@192.168.2.51] from ip 5.11.47.236
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "185.24.234.141" }
+2013-12-31 17:39:54.767815 [DEBUG] sofia.c:7954 IP 185.24.234.141 Rejected by acl "domains". Falling back to Digest auth.
+
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "5.11.47.236" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [1001@192.168.2.51] from 5.11.47.236
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "185.24.234.141" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:2531 Can't find user [100@192.168.2.51] from 185.24.234.141