为Fail2ban服务实现特定正则表达式过滤器的问题

时间:2019-06-25 15:37:20

标签: regex fail2ban

我找不到适合我要标识的元素的正则表达式

我要分析的日志文件示例:

[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177

我想找到正则表达式来检测这种样式的行:

[20190625-11:47:51] [INFO ] A connection received from: ::ffff:192.168.1.32 port 55737

我已经测试过failregex = ^.*ffff:<HOST> port *$

Not ok


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 6 lines, 0 ignored, 0 matched, 6 missed
[processed in 0.01 sec]

|- Missed line(s):
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
|  [20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
|  [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
|  [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177

1 个答案:

答案 0 :(得分:0)

我不太确定,只是猜测我们可能想要一个类似于以下内容的表达式:

(\[[0-9]{8}.+?A connection received from: ::ffff:.+?port\s+[0-9]+)

带有s标志。

Please see the demo for additional explanation.