[Linux-aus] python regex
Daniel Black
daniel.subs at internode.on.net
Mon Oct 7 18:37:56 EST 2013
On 07/10/13 17:43, Nick Edwards wrote:
> Since this list seems to have a few python experts going by the
> previous thread, wondering if one can offer some advice
>
> This is a fail2ban regex, seeking out nothing, or ",something", by this mean
<HOST> is a fail2ban-ism for matching an IP host and it isn't part of
python regex.
>
> TLS/SSL connections will only match rip=(?P<host>\S*),.*
>
> But plain connections will only match on rip=(?P<host>\S*)
fail2ban matches on logs as it doesn't listen to network connections itself.
> neither includes the other, so at present we have duplication
>
> (other_specific_matching_criteria).*rip=(?P<host>\S*)
> to match on plain, and
> (other_specific_matching_criteria).*rip=(?P<host>\S*),.* to match
> on ,SSL/TLS/secure/whatever
>
> these rules work, but surely there is a way to have one command, that,
> doesn't care if what it wants ends at host bit, or carries on, in perl
> this is dead simple, but not so in python
Fail2ban regexes aren't anchored at the end automatically.
>
> I have tried .* since . is supposed to be 0 or 1
. is any character
http://docs.python.org/2/library/re.html
> , I have also tried .*?
> and a bunch of other variations.
>
> Any suggestions?
1) use the fail2ban-regex tool
2) Try using this tool: https://www.debuggex.com/?flavor=python
Replace host> with (?:ipv4) to use this
3) Provide specific log examples to the fail2ban list
(fail2ban-users at lists.sourceforge.net)
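
The single-rule match discussed in this thread, as an added example that is not part of the original messages: it runs the `rip=(?P<host>\S*)` capture and one combined pattern over the same lines in plain Python `re`. The log lines, the `auth failed` prefix (standing in for `other_specific_matching_criteria`) and the names `LOOSE`, `SINGLE` and `extract_hosts` are assumptions made for illustration.

```python
import re

# Constructed sample log lines (not taken from the thread).
SAMPLE_LINES = [
    "auth failed: user=<bob>, rip=203.0.113.7",         # plain: line ends at the host
    "auth failed: user=<bob>, rip=198.51.100.23, TLS",  # secure: more text follows
    "auth failed: user=<bob>, rip=",                    # edge case: no host at all
]

# Capture as written in the thread. It is not anchored at the end, so it
# already matches both kinds of line, but \S* also swallows the trailing
# comma and accepts an empty host.
LOOSE = re.compile(r"auth failed.*rip=(?P<host>\S*)")

# One rule for both cases: the host stops at whitespace or a comma, must be
# non-empty, and an optional ",anything" tail may follow before end of line.
SINGLE = re.compile(r"auth failed.*rip=(?P<host>[^\s,]+)(?:,.*)?$")


def extract_hosts(pattern, lines):
    """Return the captured host for each line, or None where nothing matched."""
    hosts = []
    for line in lines:
        match = pattern.search(line)
        hosts.append(match.group("host") if match else None)
    return hosts


if __name__ == "__main__":
    for name, pattern in (("LOOSE", LOOSE), ("SINGLE", SINGLE)):
        print(name, extract_hosts(pattern, SAMPLE_LINES))
```

In a real filter the host capture would be fail2ban's own `<HOST>` tag rather than a hand-written group, and the result should be checked with the fail2ban-regex tool against real log lines.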