Using the regex filter below:
[Definition]
failregex = ^<HOST>.*Priority: 0
ignoreregex =
Fail2Ban does not detect any of these log entries below.
Mon Apr 1 21:11:29 2024 [**] [1:1000002:1] SSH attempt [**] [Priority: 0] {TCP} 192.x.x.x:58867 -> 192.168.x.x:22
Mon Apr 1 21:11:29 2024 [**] [1:1000002:1] SSH attempt [**] [Priority: 0] {TCP} 192.x.x.x:58914 -> 192.168.x.x:22
But this same regex filter accurately detects the log lines below in Fail2Ban, and the only difference in the log entries is the date format.
03/26-10:57:44.146011 [**] [1:1000002:1] SSH attempt [**] [Priority: 0] {TCP} 192.x.x.x:58867 -> 192.168.x.x:22
03/26-11:23:52.317989 [**] [1:1000002:1] SSH attempt [**] [Priority: 0] {TCP} 192.x.x.x:58914 -> 192.168.x.x:22
Please, I need urgent help getting this regex filter to work, as it is for my project work and my timeline is so limited.
<HOST> is after Priority: 0 in your log file, regex should be Priority: 0.*<HOST>
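An added example, not part of the original posts: it checks which value the host group captures when <HOST> follows a greedy `.*`, and compares that with a tighter pattern anchored on the source-address position. The HOST expansion is a simplified stand-in for fail2ban's, and the TIGHT pattern, function names and sample addresses are assumptions made for illustration.

```python
import re

# Simplified stand-in for what fail2ban substitutes for <HOST> (assumption:
# IPv4 or hostname only; the real expansion also covers IPv6).
HOST = r"(?:(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})|(?P<dns>[\w\-.^_]*\w))"

# Constructed sample lines in both date formats from the question; the
# addresses are placeholders, not values from the post.
SAMPLES = [
    "Mon Apr 1 21:11:29 2024 [**] [1:1000002:1] SSH attempt [**] "
    "[Priority: 0] {TCP} 198.51.100.7:58867 -> 192.168.1.10:22",
    "03/26-10:57:44.146011 [**] [1:1000002:1] SSH attempt [**] "
    "[Priority: 0] {TCP} 198.51.100.7:58914 -> 192.168.1.10:22",
]

# Pattern suggested in the answer: greedy .* in front of <HOST>.
LOOSE = r"Priority: 0.*<HOST>"
# Hypothetical tighter variant: pin <HOST> to the source side of "->".
TIGHT = r"\[Priority: 0\] \{\w+\} <HOST>:\d+ -> "


def captured_host(failregex, line):
    """Return what the host group captures, or None if the line does not match."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    if match is None:
        return None
    return match.group("ip4") or match.group("dns")


def compare(lines=SAMPLES):
    """Return (loose_capture, tight_capture) for each sample line."""
    return [(captured_host(LOOSE, ln), captured_host(TIGHT, ln)) for ln in lines]


if __name__ == "__main__":
    for loose, tight in compare():
        # The greedy .* runs to the end of the line and backtracks only as far
        # as needed, so the loose pattern captures the tail of the port number.
        print(f"loose captured {loose!r}, tight captured {tight!r}")
```

Running a candidate filter through `fail2ban-regex` against the real log shows what the actual <HOST> expansion captures.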