Your comments
I just created a filter for fail2ban, if someone is interested, but it's still not working. No idea why.
\d{8}\s\d{2}:\d{2}:\d{2}\s\[(.*?)\]\s\I(.*?)w\D{2}\s\bAccess denied\b.\s\[(.*?)]\D{4}<HOST>\D{1}
Ok,
I changed the XML template to log the date stamp in a different time format. Right now the logs look like:
[Pn maj 20 08:38:35 2019] [INFO ][qtp31646855-32] com.ubooquity.d.c - User unknown. Access denied. [login:sdf][ip:192.168.0.199]
My regex is:
^\[(.*?)\]\s\[(.*?)\]\[(.*?)\]\D{35}\bAccess denied\b\D{17}<HOST>\D{1}
but it's not working. Any idea why?
dietpi@DietPi:~$ fail2ban-regex error.log /etc/fail2ban/filter.d/ubouquity.conf
Running tests
=============
Use failregex filter file : ubouquity, basedir: /etc/fail2ban
Use log file : error.log
Use encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.00 sec]
|- Missed line(s):
| ^\[(.*?)\]\s\[(.*?)\]\[(.*?)\]\D{35}\bAccess denied\b\D{17}<HOST>\D{1}
`-
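An added check, not part of the original posts: the second regex run against the sample log line with plain Python `re`, next to a constructed line with a different login name, to show how the fixed character counts behave. `<HOST>` is replaced by a simplified IPv4 group (an assumption; fail2ban's own expansion is broader), fail2ban's date detection is not modelled, and `VARIANT` is a hypothetical alternative, not a tested fail2ban filter.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Second regex and sample log line, copied from the post above.
POSTED = r"^\[(.*?)\]\s\[(.*?)\]\[(.*?)\]\D{35}\bAccess denied\b\D{17}<HOST>\D{1}"
SAMPLE = ("[Pn maj 20 08:38:35 2019] [INFO ][qtp31646855-32] com.ubooquity.d.c - "
          "User unknown. Access denied. [login:sdf][ip:192.168.0.199]")

# Constructed line: same event, different login name (longer, with a digit).
OTHER_LOGIN = SAMPLE.replace("[login:sdf]", "[login:admin1]")

# Hypothetical variant: match the literal field names instead of counting
# characters, and anchor on the end of the line so the address is always
# taken from the trailing [ip:...] field, whatever the login field contains.
VARIANT = r"Access denied\. \[login:.*\]\[ip:<HOST>\]$"


def match_host(failregex, line):
    """Return the address the regex captures from the line, or None."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("variant", VARIANT)):
        for label, line in (("sample", SAMPLE), ("other login", OTHER_LOGIN)):
            print(f"{name:8} on {label:12}: {match_host(rx, line)}")
```

The posted regex captures the address from the sample line, but `\D{17}` only fits a three-character login with no digits, so a failed login under any other name is not matched.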