[BR]: Fail2ban for mssql not work filtering my log from docker containers log #3664
Comments
Basically it would be enough to set a precise
But because of catch-all - failregex = ^\s*Logon\s+Login failed for user '<F-USER>(?:[^']*|.*)</F-USER>'\. [^'\[]+\[CLIENT: <ADDR>\]$
+ failregex = ^\s*Logon\s+Login failed for user '<F-USER>[^']*</F-USER>'\. [^'\[]+\[CLIENT: <ADDR>\]
datepattern = ^\{"log":"\\r%%Y-%%m-%%d %%H:%%M:%%S(?:\.%%f)?
No idea what is with user names like
Alternatively (at least as long as RFE #3526 not yet implemented) switch back to normal logging (from json format).
Or fix it somehow like:
datepattern = ^\{"log":"\\r%%Y-%%m-%%d %%H:%%M:%%S(?:\.%%f)?
_groupre = (?:"\w[^"]+":(?:"[^"]+"|\w+)\s*[,\}]\s*)
failregex = ^\s*Logon\s+Login failed for user '<F-USER>(?:[^']*|.*)</F-USER>'\. [^'\[]+\[CLIENT: <ADDR>\]\\r\\n",?\s*%(_groupre)s*$
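Review bot: the `+ failregex` line drops the trailing `$`, so nothing after `[CLIENT: <ADDR>]` is checked any more, and narrowing `<F-USER>` to `[^']*` means a failed login whose user name contains an apostrophe no longer matches. Since the user name is client-supplied text, I would keep an end anchor that accounts for the JSON tail, as the second variant does with `\\r\\n",?\s*%(_groupre)s*$`.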
Environment:
In my case, I think all the configurations have gone well and I found no errors when running fail2ban, whether for fail2ban regex or fail2ban client restart, please enlighten me regarding this.
here is my mssql.conf config jail:
and my filter config:
docker log value:
fail2ban-regex:
root@pc# tail -f /var/log/fail2ban.log
Does all of the above work correctly? Because after several hours of waiting, no one was jailed in the filtering.
Please help with this, and I would be very grateful in this matter.
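The three `failregex` variants from the comment above, run against constructed Docker json-file log lines. This is an added example, not code from the issue or from fail2ban: the `<ADDR>` and date-code expansions are simplified stand-ins, and `sample`, `check` and the log values are hypothetical.

```python
import re

# Constructed samples: lines as Docker's json-file driver stores them; the
# raw file holds the JSON escapes \r and \n as literal backslash sequences.
TAIL = r'\r\n","stream":"stdout","time":"2024-01-15T10:21:33.456789Z"}'

def sample(user):
    return (r'{"log":"\r2024-01-15 10:21:33.45 Logon       Login failed for user '
            + "'" + user + "'. Reason: Password did not match that for the login "
            + "provided. [CLIENT: 203.0.113.5]" + TAIL)

# Assumption: plain-regex stand-ins for fail2ban's %%Y-style date codes,
# <ADDR> (IPv4 only here) and <F-USER> (a named group).
DATE = re.compile(r'^\{"log":"\\r\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d+)?')
ADDR = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
GROUPRE = r'(?:"\w[^"]+":(?:"[^"]+"|\w+)\s*[,\}]\s*)'
HEAD = (r"^\s*Logon\s+Login failed for user '(?P<user>%s)'\. [^'\[]+\[CLIENT: "
        + ADDR + r"\]")

FILTERS = {
    # the "-" line: catch-all user name, anchored at end of line
    "anchored": HEAD % r"(?:[^']*|.*)" + "$",
    # the "+" line: precise user name, no end anchor
    "precise": HEAD % r"[^']*",
    # the alternative: catch-all user name, anchor placed after the JSON tail
    "json_tail": HEAD % r"(?:[^']*|.*)" + r'\\r\\n",?\s*' + GROUPRE + "*$",
}

def check(line):
    """Return {variant: (user, ip) or None}, or None if no timestamp is found."""
    m = DATE.match(line)
    if not m:
        return None
    rest = line[m.end():]  # the matched timestamp is cut out before failregex runs
    out = {}
    for name, rx in FILTERS.items():
        hit = re.search(rx, rest)
        out[name] = (hit["user"], hit["ip"]) if hit else None
    return out

if __name__ == "__main__":
    for user in ("sa", "o'brien"):
        print(user, check(sample(user)))
```

The `anchored` variant finds nothing on either line because the JSON tail sits between `]` and the end of the line; `precise` finds the first line only, and `json_tail` finds both.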