fail2ban is missing lines in my filter

I'm completely new to using fail2ban. Right now I'm getting missed lines, and I don't know why. I have the following two files:

///etc/fail2ban/filter.d/apache-custom.conf

[Definition]

#badagents = 360Spider|ZmEu|Auto Spider 1.0|zgrab/[0-9]*\.[0-9a-zA-Z]*|Wget\(.*\)|MauiBot.*|AspiegelBot.*|SemrushBot.*|PHP/.*

badagents =

failregex = ^.+?:\d+ <HOST> -.*"(GET|POST|HEAD) /+dns-query.*$

ignoreregex =

///var/log/apache2/access.log

72.139.194.229 - - [17/Nov/2023:01:08:57 +0000] "GET /dns-query HTTP/1.1" 302 4942 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36"

Then I ran the command fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-custom.conf, and it gave the following output:

Running tests
=============

Use   failregex filter file : apache-custom, basedir: /etc/fail2ban
Use         log file : access.log
Use         encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.02 sec]

|- Missed line(s):
|  72.139.194.229 - - [17/Nov/2023:01:08:57 +0000] "GET /dns-query HTTP/1.1" 302 4942 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36"

What am I doing wrong in my filter? I expected the regex to catch this line from access.log.
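
The following diagnostic is an added example, not part of the original post and not fail2ban's own code: it splits the failregex above into segments and reports the first segment at which it stops matching the posted log line. Assumptions: `<HOST>` is replaced by a simplified IPv4-only pattern, the date-stripped line only approximates what fail2ban passes to the failregex after removing the timestamp, and `CANDIDATE` is one possible rewrite for a log line that starts with the client address (no `vhost:port ` prefix).

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def first_failing_segment(segments, line):
    """Index of the first segment where the cumulative regex stops
    matching `line`, or None if the complete regex matches."""
    pattern = ""
    for i, seg in enumerate(segments):
        pattern += seg.replace("<HOST>", HOST)
        if re.match(pattern, line) is None:
            return i
    return None

def extract_host(segments, line):
    """Address captured by the full regex, or None when it does not match."""
    m = re.match("".join(segments).replace("<HOST>", HOST), line)
    return m.group("host") if m else None

# Log line from the question.
RAW = ('72.139.194.229 - - [17/Nov/2023:01:08:57 +0000] '
       '"GET /dns-query HTTP/1.1" 302 4942 "-" '
       '"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 '
       '(KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36"')
# Approximation (assumption) of the line once the matched timestamp is removed.
STRIPPED = RAW.replace("[17/Nov/2023:01:08:57 +0000]", "[]")

# failregex from the question, split at balanced boundaries.
ORIGINAL = [r"^.+?:\d+ ", "<HOST>", r' -.*"', r"(GET|POST|HEAD) ",
            r"/+dns-query.*$"]
# Candidate rewrite (assumption): the line starts with the client address.
CANDIDATE = [r"^<HOST>", r' -.*"', r"(GET|POST|HEAD) ", r"/+dns-query.*$"]

if __name__ == "__main__":
    for name, segs in (("original", ORIGINAL), ("candidate", CANDIDATE)):
        for label, line in (("raw", RAW), ("date-stripped", STRIPPED)):
            idx = first_failing_segment(segs, line)
            where = "full match" if idx is None else f"fails at {segs[idx]!r}"
            print(f"{name:9} {label:13} {where}  host={extract_host(segs, line)}")
```

On the raw line the leading `^.+?:\d+ ` is satisfied only by consuming text up to `:57 ` inside the timestamp, which leaves `<HOST>` facing `+0000]`; once the timestamp is removed there is no `:digits ` sequence left for that prefix to match at all.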
