為Fail2ban服務實現特定正則表達式過濾器的問題

Question

我找不到合適的正則表達式來匹配我要識別的元素

我要分析的日志文件示例：

[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177

我想找到正則表達式來檢測這種樣式的線：

[20190625-11:47:51] [INFO ] A connection received from: ::ffff:192.168.1.32 port 55737

我已經測試了failregex = ^.*ffff:<HOST> port *$

Not ok


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 6 lines, 0 ignored, 0 matched, 6 missed
[processed in 0.01 sec]

|- Missed line(s):
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
|  [20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
|  [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
|  [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177

Answer 1

我不太確定，只是猜測我們可能想要一個類似於以下內容的表達式：

(\[[0-9]{8}.+?A connection received from: ::ffff:.+?port\s+[0-9]+)

帶有s標志。

請參閱演示以獲得更多說明。