我已经使用F2B正则表达式很长时间了。然而,由于F2B正则表达式无法捕获这些日志条目,因此对我的VPS进行的新型探测使我发疯。
日志条目(遗漏):
void Update() {
//Check to see if it is time to change the state of the solenoid
unsigned long currentMillis = millis();
if((started == true) && (currentMillis - startMillis <= startDelay)) {
//keep waiting
Serial.println("Waiting");
} else if((started == true) && (currentMillis - startMillis < (chargeTime + startDelay) )) {
//Run
Serial.print("Run ");
Serial.println(currentMillis - startMillis);
digitalWrite(solenoidPin, HIGH);
} else if ((started == true) && (currentMillis - startMillis >= (chargeTime + startDelay) )){
//Stop
Serial.print("Stop ");
Serial.println(currentMillis - startMillis);
digitalWrite(solenoidPin, LOW);
started = false;
}
F2B正则表达式(在sshd.conf中):
| Oct 25 09:58:34 localhost sshd[17381]: Disconnecting invalid user admin 185.246.128.25 port 22937: Change of username or service not allowed: (admin,ssh-connection) -> (root,ssh-connection) [preauth]
| Oct 25 09:59:02 localhost sshd[17385]: Disconnecting authenticating user root 185.246.128.25 port 33103: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]
此正则表达式可在每个在线正则表达式工具(regex101,debuggex等)中完美运行,但是当我使用以下命令针对我的日志对其进行测试时:
^Disconnecting (?:authenticating|invalid) user .+ <HOST>%(__on_port_opt)s: .*%(__suff)s$
它错过了所有这些行。
我尝试了多个选项和变体,但无法找到可行的解决方案。请帮助您找到可行的解决方案,除非存在某种错误。谢谢。
更新1 :例如,这是最简单的形式,它也不起作用:https://regex101.com/r/evQkT1/1
更新2 :完全奇怪,看起来像是要探索的错误,但是我用fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf --print-all-missed > missed.txt
替换了标准标记<HOST>,并且过滤器开始工作。