diff --git a/Developing-Regex-in-Fail2ban.md b/Developing-Regex-in-Fail2ban.md index df1a4e2..2759b69 100644 --- a/Developing-Regex-in-Fail2ban.md +++ b/Developing-Regex-in-Fail2ban.md @@ -66,14 +66,14 @@ fail2ban-regex \ -l HEAVYDEBUG \ /tmp/captured.log \ /etc/fail2ban/filter.d/named-refused.conf -`` +``` Remember the above command; we are going to use it each time we modified the filter configuration file: and quite very often. Use your bash history buffer and recall that command, over and over again. Remember. and its output shows a line starting with `T: Pre-filter matched`: - +```console H: Looking for prefregex '^(?P.+)$' T: Pre-filter matched {'content': ' query-errors: info: client @0x7f01e00004e0 123.123.123.123#80 (sl): view red: query failed (REFUSED) for sl/IN/ANY at query.c:5445'} - +``` and note the value of `'content:'`. This content comes after the `datepattern`; we have successfully parse the date timestamp. Next, remaining content is then fed into the `failregex` patterns. Note: Please note in 'content': value that there is an extra space at the beginning of that value so be careful with the ‘`^`‘ and make sure it starts with ‘`^ `‘ (note a space after caret symbol.) @@ -134,7 +134,7 @@ fail2ban-regex \ -l HEAVYDEBUG \ --print-no-missed \ /tmp/query-errors.log named-refused.local -`` +``` and notice the output: ```console Results
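Review bot: in the first hunk (@@ -66,14), the output that is now wrapped in a console fence still shows the prefilter as `'^(?P.+)$'`, which is not a valid Python named group. The `T:` line directly below it reports a `'content'` key, so the group name appears to have been dropped from the `H:` line. Inside a fence angle brackets render literally, so this is the moment to restore the full group, presumably `(?P<content>.+)`; please confirm against real `fail2ban-regex` output before committing. Separately, the two added fence lines take the place of the blank lines that used to separate the output from the prose. Keeping one blank line before the opening fence and one after the closing fence avoids renderer-dependent behaviour.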
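Review bot: in the second hunk (@@ -134,7), the command whose closing fence is corrected passes `named-refused.local` as a bare relative path, while the invocation in the first hunk uses the absolute `/etc/fail2ban/filter.d/named-refused.conf`. A reader who copies this command from another working directory will have `fail2ban-regex` look for the filter file in the wrong place. Suggest either spelling out the full path here as well or adding a sentence that states which directory the command is run from. The same two-backtick typo was fixed in both hunks, so it is worth searching the rest of the file for other fences closed with two backticks.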