多分誰かがfail2banのこの正規表現で私を助けることができます....
次の内容の行をフィルタリングするには、failregex を作成する必要があります。
2020-09-11 18:44:05.122235|INFO |VirtualServer |1 |ban added reason='' ip='127.0.0.1' bantime=0 by client 'name'(id:1345)
私は非常に多くの正規表現を試しましたが、常にfail2ban-regexコマンドからこのエラーが発生します:
エラー: 正規表現 '\etc\fail2ban\filter.d\01teamspeak-ban.conf' をコンパイルできません
私は例を試しました:
failregex = /([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) (?:(?:([01]?\d|2[0-3]):)?([0-5]?\d):)?([0-5]?\d).*[|]INFO [|]VirtualServer [|].* [|]ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*[)]/g
failregex = ^([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])) (?:(?:([01]?\d|2[0-3]):)?([0-5]?\d):)?([0-5]?\d).*[|]INFO [|]VirtualServer [|].* [|]ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*[)]$
failregex = /ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*'/g
failregex = ^ban added reason='.*' ip='(<HOST>)' bantime=0 by client '.*'$
ログファイルの例:
2020-09-10 19:11:00.040440|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_2496849585' by client 'Nickn4me-1'(id:340)
2020-09-10 19:11:00.044615|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_237847164' by client 'Nickn4me-1'(id:340)
2020-09-10 19:11:04.259132|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_428821049' by client 'Nickn4me-1'(id:340)
2020-09-10 19:13:10.717086|INFO |VirtualServerBase|1 |client disconnected 'Nickn4me-1'(id:340) reason 'reasonmsg=Verlassen'
2020-09-10 19:19:10.804754|INFO |VirtualServerBase|1 |client connected 'oThername_324'(id:341) from 10.241.207.142:54986
2020-09-10 19:19:10.980756|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_3456573507' by client 'oThername_324'(id:341)
2020-09-10 19:19:11.217004|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_237847164' by client 'oThername_324'(id:341)
2020-09-10 19:19:11.230140|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_2496849585' by client 'oThername_324'(id:341)
2020-09-10 19:43:28.740111|INFO |VirtualServerBase|1 |client disconnected 'someoneelse02'(id:908) reason 'reasonmsg=Verlassen'
2020-09-10 19:56:26.494598|INFO |VirtualServerBase|1 |client connected 'Nickn4me-1'(id:340) from 10.201.196.50:43750
2020-09-10 19:58:16.371691|INFO |VirtualServerBase|1 |client disconnected 'Nickn4me-1'(id:340) reason 'reasonmsg=Verlassen'
2020-09-10 19:58:28.682639|INFO |VirtualServer |1 |ban added reason='' cluid='RuLfa2hkMrwAz43vVgnOTLOXKruw=' bantime=2678400 by client 'Adminnick'(id:656)
2020-09-10 19:58:28.682973|INFO |VirtualServer |1 |ban added reason='' ip='10.201.196.50' bantime=2678400 by client 'Adminnick'(id:656)
2020-09-10 20:16:49.381087|INFO |VirtualServerBase|1 |client disconnected 'oThername_324'(id:341) reason 'reasonmsg=Gute Nacht'
2020-09-10 20:21:23.440568|INFO |VirtualServerBase|1 |client disconnected 'Adminnick'(id:656) reason 'reasonmsg=cu'
2020-09-10 20:38:46.197539|INFO |VirtualServerBase|1 |client disconnected 'Member001'(id:779) reason 'reasonmsg=Verlassen'
2020-09-10 21:23:12.803953|INFO |VirtualServerBase|1 |client connected 'oThername_324'(id:341) from 10.241.207.142:55647
2020-09-10 21:23:31.667814|INFO |VirtualServerBase|1 |client disconnected 'oThername_324'(id:341) reason 'reasonmsg=Gute Nacht'
2020-09-10 22:17:07.171090|INFO |VirtualServerBase|1 |client connected 'this-is_aNick.name (:o)'(id:342) from 10.176.87.220:63576
2020-09-10 22:17:13.466953|INFO |VirtualServerBase|1 |client disconnected 'this-is_aNick.name (:o)'(id:342) reason 'reasonmsg=leaving'
2020-09-10 22:19:14.935197|INFO |VirtualServerBase|1 |client disconnected 'rMember0034'(id:581) reason 'reasonmsg=Verlassen'