From 150e8794dab64d50fad8f1f4429cb9baf990667d Mon Sep 17 00:00:00 2001 From: Egbert <10352354+egberts@users.noreply.github.com> Date: Wed, 30 Sep 2020 16:25:32 -0400 Subject: [PATCH] Added the detailed explaination of `prefregex` --- Developing-Regex-in-Fail2ban.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Developing-Regex-in-Fail2ban.md b/Developing-Regex-in-Fail2ban.md index ca31710..a962194 100644 --- a/Developing-Regex-in-Fail2ban.md +++ b/Developing-Regex-in-Fail2ban.md @@ -57,6 +57,22 @@ PRE-FILTER MATCHED ================== If you have a single-line pattern, skip this section and leave `prefregex` empty or undefined. +`prefregex` is a pattern of the entire log file that is inherently all the same within the same log file. Such common pattern found in line-by-line log file are: +* date (pretty much always) +* daemon name (optional) +* subroutine name and/or line number (optional) +* process ID (optional) +* severity level (optional) + +So, the `prefregex` is highly dependent on proper supporting of this combinatorial of the above list of patterns (some always there, and mostly optional) in order to make it work for everyone that uses the application which generates the logs. + +Secondary benefit of `prefregex` is to ensure that `failregex` is left with the most dynamic part of the line. `prefregex` takes that most common part (see above list) of the line. + +```console +<--- prefregex -->|<-- failregex -> +3-Jan-2020 myscript: Dynamic error message part +``` + To Pre-Filter or Not To Pre-Filter ----------------------------------- This section only applies if you have (or will have) multiple patterns within this same filter file that you are creating or modifying.
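Review bot: The first added sentence, "`prefregex` is a pattern of the entire log file that is inherently all the same within the same log file", never says what `prefregex` matches. Going by the bullet list and the `console` diagram that follow it, the intended meaning is the leading part that the lines of one log file share (date, daemon name, subroutine name and/or line number, process ID, severity level), so state that directly, for example "`prefregex` matches the common leading part of each line in the log file". In the same hunk, "Such common pattern found in line-by-line log file are" and "proper supporting of this combinatorial of the above list of patterns" need rewording; the second could read "must cope with every combination of the fields above, some always present and most optional". The "Secondary benefit" paragraph would be clearer if it said outright that `failregex` only has to describe the part of the line to the right of the `|` in the diagram. The Subject line also misspells "explanation".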