Fail2ban regex: how to NOT get host name but ip?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















In my access.log I got somerow a



ip - - [date] method link ... etc..


and some others with



www.domain.com:ip - - [date] method link ... etc..


I am actually using this regexp



 ^<HOST>.*/phpmyadmin


The problem is that It causes that fail2ban uses as ip the reverse lookup of www.domain.com when parsing the second kind of rows.



Is there a more precise regexp for ip and not host name?










share|improve this question




























    0















    In my access.log I got somerow a



    ip - - [date] method link ... etc..


    and some others with



    www.domain.com:ip - - [date] method link ... etc..


    I am actually using this regexp



     ^<HOST>.*/phpmyadmin


    The problem is that It causes that fail2ban uses as ip the reverse lookup of www.domain.com when parsing the second kind of rows.



    Is there a more precise regexp for ip and not host name?










    share|improve this question
























      0












      0








      0








      In my access.log I got somerow a



      ip - - [date] method link ... etc..


      and some others with



      www.domain.com:ip - - [date] method link ... etc..


      I am actually using this regexp



       ^<HOST>.*/phpmyadmin


      The problem is that It causes that fail2ban uses as ip the reverse lookup of www.domain.com when parsing the second kind of rows.



      Is there a more precise regexp for ip and not host name?










      share|improve this question














      In my access.log I got somerow a



      ip - - [date] method link ... etc..


      and some others with



      www.domain.com:ip - - [date] method link ... etc..


      I am actually using this regexp



       ^<HOST>.*/phpmyadmin


      The problem is that It causes that fail2ban uses as ip the reverse lookup of www.domain.com when parsing the second kind of rows.



      Is there a more precise regexp for ip and not host name?







      fail2ban






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Mar 14 at 11:35









      realteborealtebo

      1286




      1286




















          1 Answer
          1






          active

          oldest

          votes


















          0














          I think you want to tell fail2ban to not do hostname lookups.



          use_dns
          yes (current behavior)
          warn (uses but warns upon each dns lookup)
          no (no DNS lookup, no warnings, INFO-LEVEL log messages when
          rDNS was necessary and entry was ignored because of that)





          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506263%2ffail2ban-regex-how-to-not-get-host-name-but-ip%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I think you want to tell fail2ban to not do hostname lookups.



            use_dns
            yes (current behavior)
            warn (uses but warns upon each dns lookup)
            no (no DNS lookup, no warnings, INFO-LEVEL log messages when
            rDNS was necessary and entry was ignored because of that)





            share|improve this answer



























              0














              I think you want to tell fail2ban to not do hostname lookups.



              use_dns
              yes (current behavior)
              warn (uses but warns upon each dns lookup)
              no (no DNS lookup, no warnings, INFO-LEVEL log messages when
              rDNS was necessary and entry was ignored because of that)





              share|improve this answer

























                0












                0








                0







                I think you want to tell fail2ban to not do hostname lookups.



                use_dns
                yes (current behavior)
                warn (uses but warns upon each dns lookup)
                no (no DNS lookup, no warnings, INFO-LEVEL log messages when
                rDNS was necessary and entry was ignored because of that)





                share|improve this answer













                I think you want to tell fail2ban to not do hostname lookups.



                use_dns
                yes (current behavior)
                warn (uses but warns upon each dns lookup)
                no (no DNS lookup, no warnings, INFO-LEVEL log messages when
                rDNS was necessary and entry was ignored because of that)






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Mar 14 at 13:08









                number9number9

                56527




                56527



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506263%2ffail2ban-regex-how-to-not-get-host-name-but-ip%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?