Maybe someone can help me with a fail2ban regular expression...
I need to create a failregex to filter lines with the following content:
2020-09-11 18:44:05.122235|INFO |VirtualServer |1 |ban added reason='' ip='127.0.0.1' bantime=0 by client 'name'(id:1345)
I tried many regular expressions, but I always get this error from the fail2ban-regex command:
ERROR: Unable to compile regular expression '\etc\fail2ban\filter.d\01teamspeak-ban.conf'
I tried, for example:
failregex = /([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) (?:(?:([01]?\d|2[0-3]):)?([0-5]?\d):)?([0-5]?\d).*[|]INFO [|]VirtualServer [|].* [|]ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*[)]/g
failregex = ^([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) (?:(?:([01]?\d|2[0-3]):)?([0-5]?\d):)?([0-5]?\d).*[|]INFO [|]VirtualServer [|].* [|]ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*[)]$
failregex = /ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*'/g
failregex = ^ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*'$
Log file example:
2020-09-10 19:11:00.040440|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_2496849585' by client 'Nickn4me-1'(id:340)
2020-09-10 19:11:00.044615|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_237847164' by client 'Nickn4me-1'(id:340)
2020-09-10 19:11:04.259132|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_428821049' by client 'Nickn4me-1'(id:340)
2020-09-10 19:13:10.717086|INFO |VirtualServerBase|1 |client disconnected 'Nickn4me-1'(id:340) reason 'reasonmsg=Verlassen'
2020-09-10 19:19:10.804754|INFO |VirtualServerBase|1 |client connected 'oThername_324'(id:341) from 10.241.207.142:54986
2020-09-10 19:19:10.980756|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_3456573507' by client 'oThername_324'(id:341)
2020-09-10 19:19:11.217004|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_237847164' by client 'oThername_324'(id:341)
2020-09-10 19:19:11.230140|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_2496849585' by client 'oThername_324'(id:341)
2020-09-10 19:43:28.740111|INFO |VirtualServerBase|1 |client disconnected 'someoneelse02'(id:908) reason 'reasonmsg=Verlassen'
2020-09-10 19:56:26.494598|INFO |VirtualServerBase|1 |client connected 'Nickn4me-1'(id:340) from 10.201.196.50:43750
2020-09-10 19:58:16.371691|INFO |VirtualServerBase|1 |client disconnected 'Nickn4me-1'(id:340) reason 'reasonmsg=Verlassen'
2020-09-10 19:58:28.682639|INFO |VirtualServer |1 |ban added reason='' cluid='RuLfa2hkMrwAz43vVgnOTLOXKruw=' bantime=2678400 by client 'Adminnick'(id:656)
2020-09-10 19:58:28.682973|INFO |VirtualServer |1 |ban added reason='' ip='10.201.196.50' bantime=2678400 by client 'Adminnick'(id:656)
2020-09-10 20:16:49.381087|INFO |VirtualServerBase|1 |client disconnected 'oThername_324'(id:341) reason 'reasonmsg=Gute Nacht'
2020-09-10 20:21:23.440568|INFO |VirtualServerBase|1 |client disconnected 'Adminnick'(id:656) reason 'reasonmsg=cu'
2020-09-10 20:38:46.197539|INFO |VirtualServerBase|1 |client disconnected 'Member001'(id:779) reason 'reasonmsg=Verlassen'
2020-09-10 21:23:12.803953|INFO |VirtualServerBase|1 |client connected 'oThername_324'(id:341) from 10.241.207.142:55647
2020-09-10 21:23:31.667814|INFO |VirtualServerBase|1 |client disconnected 'oThername_324'(id:341) reason 'reasonmsg=Gute Nacht'
2020-09-10 22:17:07.171090|INFO |VirtualServerBase|1 |client connected 'this-is_aNick.name (:o)'(id:342) from 10.176.87.220:63576
2020-09-10 22:17:13.466953|INFO |VirtualServerBase|1 |client disconnected 'this-is_aNick.name (:o)'(id:342) reason 'reasonmsg=leaving'
2020-09-10 22:19:14.935197|INFO |VirtualServerBase|1 |client disconnected 'rMember0034'(id:581) reason 'reasonmsg=Verlassen'
Answer 0 (score: 0)
Working template in my case:
/etc/fail2ban/filter.d/01teamspeak-permanentban.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*ban.*ip='(<ADDR>)' bantime=0.*
ignoreregex =
Thanks to onetwo12
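
An added example, not part of the answer above and not fail2ban's own code: it runs the answer's template, the question's fourth attempt, and a hypothetical tighter pattern (`STRICT`) over constructed lines in the question's log format, to show which lines each one would act on. The `ADDR` stand-in, the timestamp stripping and the sample lines are simplifying assumptions.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <ADDR>/<HOST> tags (assumption;
# the real expansions also cover IPv6, and <HOST> covers hostnames).
ADDR = r"(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})"

# Template from the answer above.
LOOSE = r"^.*ban.*ip='(<ADDR>)' bantime=0.*"
# Fourth attempt from the question.
ASKER_ANCHORED = r"^ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*'$"
# Hypothetical tighter variant: the fixed columns are anchored from the start
# of the remaining line, so only a VirtualServer "ban added" record can match.
STRICT = (r"^\|INFO\s*\|VirtualServer\s*\|\d+\s*\|ban added reason='.*' "
          r"ip='<ADDR>' bantime=0 by client '")

# Rough model of fail2ban removing the matched timestamp before failregex runs.
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+")

def banned_ip(template, line):
    """Return the address the filter would report for this line, or None."""
    pattern = template.replace("<ADDR>", ADDR).replace("<HOST>", ADDR)
    rest = TIMESTAMP.sub("", line, count=1)
    match = re.search(pattern, rest)
    return match.group("ip4") if match else None

# Constructed sample lines in the log format shown in the question.
PERMANENT = ("2020-09-11 18:44:05.122235|INFO |VirtualServer |1 |ban added "
             "reason='' ip='127.0.0.1' bantime=0 by client 'name'(id:1345)")
TIMED = ("2020-09-10 19:58:28.682973|INFO |VirtualServer |1 |ban added "
         "reason='' ip='10.201.196.50' bantime=2678400 by client 'Adminnick'(id:656)")
# A connect event whose free-text nickname happens to contain ban-like text.
NICK = ("2020-09-10 22:17:07.171090|INFO |VirtualServerBase|1 |client connected "
        "'ban ip='203.0.113.7' bantime=0'(id:342) from 10.176.87.220:63576")

if __name__ == "__main__":
    for name, template in (("loose", LOOSE), ("asker", ASKER_ANCHORED), ("strict", STRICT)):
        for label, line in (("permanent", PERMANENT), ("timed", TIMED), ("nick", NICK)):
            print(f"{name:6} {label:9} -> {banned_ip(template, line)}")
```

Any pattern chosen this way should still be checked with fail2ban-regex against the real log file, since the actual column padding and tag expansion can differ from this model.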