Hi and thanks for your reply,
Fail2Ban version is v0.8.14 on SNG7 System Freepbx 15 ISO.
I removed Datapattern and now the freepbx.conf filter is:
[INCLUDES]
# Read common prefixes. If any customizations available – read them from
# common.local
#before = common.conf
[Definition]
#_daemon = freepbx
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named “host”. The tag “” can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P[\w-.^_]+)
# Values: TEXT
#
failregex = \[freepbx_security\.NOTICE\]: Authentication failure for .* from
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
This is the freepbx_security.log
tail /var/log/asterisk/freepbx_security.log
[2021-Jan-21 16:18:34] [freepbx_security.NOTICE]: Authentication failure for dd from 192.168.80.65 [] []
[2021-Jan-21 16:18:34] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers fordd set to [] []
[2021-Jan-21 17:41:28] [freepbx_security.NOTICE]: Authentication failure for xxxx from 192.168.80.60 [] []
[2021-Jan-21 17:41:28] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers forxxxx set to [] []
[2021-Jan-21 17:41:33] [freepbx_security.NOTICE]: Authentication failure for xxxxxttt from 192.168.80.60 [] []
[2021-Jan-21 17:41:33] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers forxxxxxttt set to [] []
[2021-Jan-21 17:41:36] [freepbx_security.NOTICE]: Authentication failure for yyyyyy from 192.168.80.60 [] []
[2021-Jan-21 17:41:36] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers foryyyyyy set to [] []
[2021-Jan-21 17:41:39] [freepbx_security.NOTICE]: Authentication failure for zzzzzz from 192.168.80.60 [] []
[2021-Jan-21 17:41:39] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers forzzzzzz set to [] []
and this is the result of fail2ban-regex:
fail2ban-regex /var/log/asterisk/freepbx_security.log /etc/fail2ban/filter.d/freepbx.conf
Running tests
Use failregex file : /etc/fail2ban/filter.d/freepbx.conf
Use log file : /var/log/asterisk/freepbx_security.log
Results
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
Lines: 12 lines, 0 ignored, 0 matched, 12 missed
|- Missed line(s):
| [2020-Sep-21 14:52:19] [freepbx_security.NOTICE]: Authentication failure for admin from 192.168.80.164 [] []
| [2020-Sep-21 14:52:19] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers foradmin set to [] []
| [2021-Jan-21 16:18:34] [freepbx_security.NOTICE]: Authentication failure for dd from 192.168.80.65 [] []
| [2021-Jan-21 16:18:34] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers fordd set to [] []
| [2021-Jan-21 17:41:28] [freepbx_security.NOTICE]: Authentication failure for xxxx from 192.168.80.60 [] []
| [2021-Jan-21 17:41:28] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers forxxxx set to [] []
| [2021-Jan-21 17:41:33] [freepbx_security.NOTICE]: Authentication failure for xxxxxttt from 192.168.80.60 [] []
| [2021-Jan-21 17:41:33] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers forxxxxxttt set to [] []
| [2021-Jan-21 17:41:36] [freepbx_security.NOTICE]: Authentication failure for yyyyyy from 192.168.80.60 [] []
| [2021-Jan-21 17:41:36] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers foryyyyyy set to [] []
| [2021-Jan-21 17:41:39] [freepbx_security.NOTICE]: Authentication failure for zzzzzz from 192.168.80.60 [] []
| [2021-Jan-21 17:41:39] [freepbx_security.NOTICE]: Possible proxy detected, forwarded headers forzzzzzz set to [] []
What do you think ?