蚊子暴力破解fail2ban失败正则表达式

我正在尝试编写fail2ban过滤器来阻止暴力破解IP地址，这些地址试图通过猜测用户名/密码组合来订阅用户名/密码保护的mosquitto服务。当尝试使用不正确的详细信息进行订阅时，mosquitto 会写入两行日志，如下所示：

1544984465: New connection from 123.123.123.123 on port 1883.
1544984465: Socket error on client <unknown>, disconnecting.

我设法通过使用编写匹配这两行模式的正则表达式https://regex101.com/设置为“蟒蛇风味”。正则表达式看起来像这样：

\s(?P<date>\d+)\: New connection from (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+\n(?P=date): Socket error on client \<unknown\>, disconnecting.

不幸的是，fail2ban 无法使用以下正则表达式在日志中找到匹配项：

# fail2ban-regex '/var/log/testlog.log' '\s(?P<date>\d+)\: New connection from (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+\n(?P=date): Socket error on client \<unknown\>, disconnecting.'

Running tests
=============

Use   failregex line : \s(?P<date>\d+)\: New connection from (?P<host>[0-...
Use         log file : /var/log/testlog.log
Use         encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [13] Epoch
`-

Lines: 13 lines, 0 ignored, 0 matched, 13 missed
[processed in 0.00 sec]

|- Missed line(s):
|  1544984465: New connection from 123.123.123.123 on port 1883.
|  1544984465: Socket error on client <unknown>, disconnecting.
|  1544984466: New connection from 123.123.123.123 on port 1883.
|  1544984466: Socket error on client <unknown>, disconnecting.
|  1544984468: New connection from 123.123.123.123 on port 1883.
|  1544984468: Socket error on client <unknown>, disconnecting.
|  1544984469: New connection from 123.123.123.123 on port 1883.
|  1544984469: Socket error on client <unknown>, disconnecting.
|  1544984470: New connection from 123.123.123.123 on port 1883.
|  1544984470: Socket error on client <unknown>, disconnecting.
|  1544984471: New connection from 123.123.123.123 on port 1883.
|  1544984471: Socket error on client <unknown>, disconnecting.
|  1544984473: New connection from 123.123.123.123 on port 1883.
`-

Fail2ban版本是0.9.6-1.el6.1。运行在 Centos 6 服务器上。