I've a weird situation. I created a regex expression for one of the service. I've tested this expression at regexr.com and regex101.com and there are no problems at all. when I used this regex expression in fail2ban, it missed all the lines.
here is the log output;
here is the regex;
is fail2ban using a different regex structure?
here is the log output;
Copy Code
[05-Oct-2021 17:09:39 +0300]: IMAP Error: Login failed for xyz@xyz.com against localhost from95.65.143.88. AUTHENTICATE PLAIN: Authentication failed. in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 204 (POST /webmail/?_task=login&_action=login)
here is the regex;
Copy Code
(IMAP Error: Login failed for)\s([a-zA-Z0-9_.-]+\@[a-zA-Z0-9_.-]+)\s(against localhost from)\s
is fail2ban using a different regex structure?