如何匹配Fail2Ban中此行的主机IP地址
[英]How do I match the Host IP address from this line in Fail2Ban
问题描述
Happy New Year all! 
新年快乐!
So, I've been having some trouble matching the host IP of an attacker when using Fail2Ban to read my FreeSwitch log file. 因此,使用Fail2Ban读取我的FreeSwitch日志文件时,在匹配攻击者的主机IP时遇到了一些麻烦。 Please pardon me if this is the wrong forum for this, but I couldn't think of anywhere else to post this. 如果这是错误的论坛,请原谅我,但我想不出其他任何地方来发布此内容。
Here's the log line: 这是日志行:
2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 sofia/external/1001@105.121.25.131 receiving invite from 217.79.182.240:5080 version: 1.6.13 -21-e755b43 64bit
This was my first attempt: 这是我的第一次尝试:
\[DEBUG\] sofia.c:\d+ ...................@\d+.\d+.\d+.\d+ receiving invite from <HOST>$:\d+
This was my second attempt (simplifying the first): 这是我的第二次尝试(简化第一次尝试):
\[.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>$
My problem is, I'm having a hard time stripping out the IP address from the Port# in this string: 217.79.182.240:5080 so that it is passed to the <HOST> variable. 我的问题是,我很难从以下字符串的Port#中剥离IP地址: 217.79.182.240:5080 : 217.79.182.240:5080以便将其传递给<HOST>变量。 My understanding of REGEX composition has hit a roadblock and could use the combined expertise of others on this forum, thanks. 我对REGEX构成的理解遇到了障碍,可以在此论坛上利用其他人的综合专业知识,谢谢。
1 个解决方案
解决方案1
0 2017-01-01 23:33:52
This is what worked for me (in case someone else runs into this problem): 这对我有用(以防其他人遇到此问题):
.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>.*$
Thanks to DigiDaz from the FusionPBX IRC Channel for assisting me with this. 感谢FusionPBX IRC频道的DigiDaz协助我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.