On Mon, 20 Sep 2010, J. Oquendo wrote:
Fail2Ban separates on fields, e.g., awk '{print $X}'
# awk '/[assword]/{print $15}' TodaysLogs|sort -u # awk '/[assword]/{print $11}' TodaysLogs|sort -u
Did you read the docs? http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
[2010-09-20 01:16:24] NOTICE[8395] chan_sip.c: Registration from '"this-is-a-stupid-password"<sip:this-is-a-stupid-password at 208.50.xx.xxx>' failed for '69.72.242.170' - Device does not match ACL
failregex = Registration from '.+?' failed for '<HOST>' Done. Needs real-world testing/tweaking but I'm pretty sure your argument that it is too hard to match a failure in fail2ban is silly. --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman at angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------