How do I match the Host IP address from this line in Fail2Ban
Question
Happy New Year all!
So, I've been having some trouble matching the host IP of an attacker when using Fail2Ban to read my FreeSwitch log file. Please pardon me if this is the wrong forum for this, but I couldn't think of anywhere else to post this.
Here's the log line:
2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 sofia/external/1001@105.121.25.131 receiving invite from 217.79.182.240:5080 version: 1.6.13 -21-e755b43 64bit
This was my first attempt:
\[DEBUG\] sofia.c:\d+ ...................@\d+.\d+.\d+.\d+ receiving invite from <HOST>$:\d+
This was my second attempt (simplifying the first):
\[.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>$
My problem is, I'm having a hard time stripping out the IP address from the Port# in this string: 217.79.182.240:5080 so that it is passed to the <HOST> variable. My understanding of REGEX composition has hit a roadblock and could use the combined expertise of others on this forum, thanks.
1 answers
solution1
0 2017-01-01 23:33:52
This is what worked for me (in case someone else runs into this problem):
.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>.*$
Thanks to DigiDaz from the FusionPBX IRC Channel for assisting me with this.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.