I am trying to debug my fail2ban filter and some weird error with respect to my custom datepattern and stumbled upon this documentation.
According to that the output of the command
fail2ban-regex "2013-09-19 02:46:12 1.2.3.4" "<HOST>"
should show something like:
Date template hits:
|- [# of hits] date format
| [1] Year-Month-Day Hour:Minute:Second
However this already does not work on my system since the output I get is:
Running tests
=============
Use failregex line : <HOST>
Use single line : 2013-09-19 02:46:12 1.2.3.4
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.07 sec]
|- Missed line(s):
| 2013-09-19 02:46:12 1.2.3.4
Why does fail2ban not even recognize the date as it should?
PS:
$ fail2ban-client -V
0.11.2
$ fail2ban-regex -V
0.11.2
$ uname -r
5.8.18-1-MANJARO
That won't work on my system either, which means that fail2ban apparently doesn't recognize that date format.
It will recognize that same date in different format though, for example:
fail2ban-regex "Sep 19 02:46:12 2013 1.2.3.4" "<HOST>"
Date template hits:
|- [# of hits] date format
| [1] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
And this is how you can force it to recognize your timestamp by specifying a custom date pattern:
fail2ban-regex -d '%Y-%m-%d %H:%M:%S' "2013-09-19 02:46:12 1.2.3.4" "<HOST>"
Date template hits:
|- [# of hits] date format
| [1] Year-Month-Day 24hour:Minute:Second