From a26d4f42b7b4b3a7359e64eba4d5997eef25db46 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 24 Nov 2013 09:59:45 -0500
Subject: [PATCH] ENH: added optional [PID] matching in recidive.conf

---
 config/filter.d/recidive.conf | 2 +-
 testcases/files/logs/recidive | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/filter.d/recidive.conf b/config/filter.d/recidive.conf
index b29acaf3..13d2f53a 100644
--- a/config/filter.d/recidive.conf
+++ b/config/filter.d/recidive.conf
@@ -27,6 +27,6 @@ _daemon = fail2ban\.actions
 # jail using this filter 'recidive', or change this line!
 _jailname = recidive
 
-failregex = ^(%(__prefix_line)s|,\d{3} fail2ban.actions:\s+)WARNING\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^(%(__prefix_line)s|,\d{3} fail2ban.actions%(__pid_re)s?:\s+)WARNING\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
 
 # Author: Tom Hendrikx, modifications by Amir Caspi 
diff --git a/testcases/files/logs/recidive b/testcases/files/logs/recidive
index 6af85137..83acc3e1 100644
--- a/testcases/files/logs/recidive
+++ b/testcases/files/logs/recidive
@@ -1,5 +1,7 @@
 # failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4" }
 2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban 1.2.3.4
+# failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4", "desc": "Extended with [PID]" }
+2006-02-13 15:52:30,388 fail2ban.actions[123]: WARNING [sendmail] Ban 1.2.3.4
 # failJSON: { "match": false }
 2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban 1.2.3.4
 # failJSON: { "match": false }