I've got following entry in my logfile for gitlab (application.log):
June 10, 2019 19:04: Failed Login: username=Zzzz ip=XXX.XXX.XXX.XXX
How should the datepattern for my Fail2Ban-filter look like? The official documentation is not very helpful.
My regex would look something like this:
Failed Login(?:.*)ip=<HOST>$
Fail2ban dates are parsed with strptime.
In fail2ban there is a datepattern setting that can be applied filter. % need to be doubled up due to the template parsing of the configuration files.
So you have:
datepattern = ^%%B %%d, %%Y %H:%%M:
The reset of the failpattern assumed this datepattern has been removed. Take note of trailing space, I'm not sure how this is handled.
