From 5a961b631f827da38ac44557436dc444f4b424a9 Mon Sep 17 00:00:00 2001 From: Egbert <10352354+egberts@users.noreply.github.com> Date: Sun, 20 Sep 2020 18:42:18 -0400 Subject: [PATCH] Restore a heading line. Replaced example.tld with actual top-level domain name `sl` --- Developing-Regex-in-Fail2ban.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Developing-Regex-in-Fail2ban.md b/Developing-Regex-in-Fail2ban.md index 2759b69..f054c41 100644 --- a/Developing-Regex-in-Fail2ban.md +++ b/Developing-Regex-in-Fail2ban.md @@ -118,11 +118,14 @@ Now I am matching SOMETHING! Notice the convoluted patterns after '`query.+?`' These long patterns represent '``' part. We can safely ignore that for now. Most importantly, I am MATCHING something that starts with '`^query`'! Yippee! + GYRATING TOWARD FULL MATCH +========================== +With a working matching pattern (albeit a failed but overly-broad pattern), we can then work toward a full-blown but concise (yet flexible) pattern. -With a working matching pattern (albeit a failed but overly-broad pattern), we can then work toward a full-blown concise (yet flexible) pattern. +Let’s start by adding more static pattern. -Let’s start by adding more static pattern. I am pretty sure from my intensive examination of that line 5445 in Bind9 `query.c` source file that '`query-error: info:`' is something that will not change for my target condition. This log output may have other variance like '`query-error: warn`' or '`query-error: debug`' but I am ignoring those. +I am pretty sure from my intensive examination of that line 5445 in Bind9 `query.c` source file that '`query-error: info:`' is something that will not change for my target condition. This log output may have other variance like '`query-error: warn`' or '`query-error: debug`' but I am ignoring those. First iteration of `failregex` expansion: ```ini 
@@ -218,7 +221,7 @@ FINAL STRETCH ============= We have the remaining of log text left to go: ```console -query failed (REFUSED) for example.tld/IN/ANY at query.c:5445 +query failed (REFUSED) for sl/IN/ANY at query.c:5445 ``` We’re impatient lot, aren’t we? Rush it up with: ```ini
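Review bot: In the first hunk (`@@ -118,11 +118,14 @@`), the reworded sentence under the restored heading still reads "albeit a failed but overly-broad pattern", which contradicts the context line just above it ("I am MATCHING something") and now stacks a second "but" in "full-blown but concise (yet flexible)". Suggest something like "With a working (albeit overly broad) pattern, we can work toward a concise yet flexible one." Since the hunk also touches the next line, "adding more static pattern" could become "adding more static text to the pattern". The subject line only mentions restoring the heading and the `sl` replacement, so the paragraph split and rewording here would be worth a mention in the commit message.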
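Review bot: In the second hunk (`@@ -218,7 +221,7 @@`), the sample log line swaps the placeholder `example.tld` for `sl`, which the commit message describes as an actual top-level domain, but nothing in the surrounding text tells the reader why. If the point is that the queried name can be a single label with no dot, say so next to the `console` block, and confirm that the `failregex` built in the rest of this section matches both `sl/IN/ANY` and a dotted name, so the filter does not miss REFUSED queries for ordinary multi-label names. If a real name is not required for the walkthrough, a reserved documentation name would avoid pointing readers at a live zone.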