OS, including release name/version : ubuntu 14.04, but latest pypy3
Fail2Ban installed via OS/distribution mechanisms
You have not applied any additional foreign patches to the codebase
Some customizations were done to the configuration (provide details below if so)
The issue:
fail2ban-regex (and others?) MISS lines that match "ignoreregex" if that same line does not match "failregex". It seems to me that ignore is just ignore, and that one should not have to match the lines to then ignore them, no?
Steps to reproduce
fail2ban-regex "1234" "aaaa<HOST>.*" ".*1234.*"
Expected behavior
Lines: 1 lines, 1 ignored, 0 matched, 0 missed
Observed behavior
root@ubuntu14:/etc/fail2ban# fail2ban-regex "1234" "aaaa<HOST>.*" ".*1234.*"
Running tests
=============
Use failregex line : aaaa<HOST>.*
Use ignoreregex line : .*1234.*
Use single line : 1234
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.04 sec]
|- Missed line(s):
| 1234
-
Any additional information
how come ".*1234.*" would not match ? ...
well ... it does ..... if I modify first the "failregex" to also match ! :
root@ubuntu14:/etc/fail2ban# fail2ban-regex "1234" "<HOST>.*" ".*1234.*"
Running tests
=============
Use failregex line : <HOST>.*
Use ignoreregex line : .*1234.*
Use single line : 1234
Results
=======
Failregex: 0 total
Ignoreregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] .*1234.*
-
Date template hits:
Lines: 1 lines, 1 ignored, 0 matched, 0 missed
[processed in 0.04 sec]
|- Ignored line(s):
| 1234
-
Relevant parts of /var/log/fail2ban.log file:
none
The ignoreregex would be applied only if the message first matched failregex. Otherwise it simply makes no sense.
If the lines do not match failregex, they are considered missed (no matter whether they would match ignoreregex or not).
Also note that ignoreregex is an atavism (retained for backwards compatibility only); normally the filter doesn't need it at all.
The messages can always be "ignored" by a more precise failregex, or even, if expected, with a negative lookahead (or lookbehind).
For instance:
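Added example (not part of the original comment and not fail2ban's own code): a small Python model of the rule described above, comparing a broad failregex plus ignoreregex against a single failregex with a negative lookahead. The `HOST` pattern is a simplified IPv4-only stand-in for the `<HOST>` tag, `classify` and `run` are hypothetical helpers, and the log lines are constructed.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def classify(line, failregex, ignoreregex=()):
    """Model of the rule stated in the thread: ignoreregex is consulted
    only for a line that first matched a failregex; any line that matches
    no failregex is 'missed', whatever ignoreregex says."""
    for fr in failregex:
        m = re.search(fr.replace("<HOST>", HOST), line)
        if m:
            if any(re.search(ir, line) for ir in ignoreregex):
                return ("ignored", None)
            return ("matched", m.group("host"))
    return ("missed", None)


# Constructed sample log lines (not taken from the issue).
LINES = [
    "Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Failed password for monitoring from 198.51.100.9 port 4100 ssh2",
    "Accepted password for monitoring from 198.51.100.9 port 4101 ssh2",
]

# Variant A: broad failregex, exceptions carved out with ignoreregex.
BROAD = [r"^Failed password for \S+ from <HOST>"]
IGNORE = [r"for monitoring from"]

# Variant B: one precise failregex; the negative lookahead excludes the
# "monitoring" account, so no ignoreregex is needed.
PRECISE = [r"^Failed password for (?!monitoring )\S+ from <HOST>"]


def run(failregex, ignoreregex=()):
    """Classify every sample line with the given filter definition."""
    return [classify(line, failregex, ignoreregex) for line in LINES]


if __name__ == "__main__":
    for name, result in (("A", run(BROAD, IGNORE)), ("B", run(PRECISE))):
        print(name, result)
    # The reporter's command line, as modelled here:
    print(classify("1234", ["aaaa<HOST>.*"], [".*1234.*"]))
```

Both variants flag only 203.0.113.7. The third line is "missed" in variant A even though it matches the ignoreregex, which is the behaviour the issue reports.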