Happy New Year all!
So, I've been having some trouble matching the host IP of an attacker when using Fail2Ban to read my FreeSwitch log file. Please pardon me if this is the wrong forum for this, but I couldn't think of anywhere else to post this.
Here's the log line:
2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 sofia/external/[email protected] receiving invite from 217.79.182.240:5080 version: 1.6.13 -21-e755b43 64bit
This was my first attempt:
\[DEBUG\] sofia.c:\d+ ...................@\d+.\d+.\d+.\d+ receiving invite from <HOST>$:\d+
This was my second attempt (simplifying the first):
\[.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>$
My problem is, I'm having a hard time stripping out the IP address from the Port# in this string: 217.79.182.240:5080 so that it is passed to the <HOST> variable. My understanding of REGEX composition has hit a roadblock, and I could use the combined expertise of others on this forum, thanks.
This is what worked for me (in case someone else runs into this problem):
Thanks to DigiDaz from the FusionPBX IRC Channel for assisting me with this.
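Added example, not part of the original post and not the pattern the poster ended up using: it runs the two attempts above against a constructed log line to show why they fail, next to one candidate pattern that keeps the `:port` outside the host group. The `HOST` stand-in, the sample line and `CANDIDATE` are assumptions, and matching with `re.search` over the whole line (timestamp included) is a simplification of what Fail2Ban does.

```python
import re

# Simplified IPv4-only stand-in for Fail2Ban's <HOST> tag (assumption: the
# real expansion also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample in the same format as the log line in the post.
LINE = ("2017-01-01 10:44:08.717205 [DEBUG] sofia.c:9746 "
        "sofia/external/1000@198.51.100.10 receiving invite from "
        "203.0.113.7:5080 version: 1.6.13 -21-e755b43 64bit")

# The two attempts, copied from the post.
ATTEMPT_1 = (r"\[DEBUG\] sofia.c:\d+ ...................@\d+.\d+.\d+.\d+ "
             r"receiving invite from <HOST>$:\d+")
ATTEMPT_2 = r"\[.*@\d+.\d+.\d+.\d+ receiving invite from <HOST>$"

# Candidate (assumption): no "$" after <HOST>; the port is matched by a
# literal ":" and digits that sit outside the host group.
CANDIDATE = (r"\[DEBUG\] sofia\.c:\d+ \S+@\S+ "
             r"receiving invite from <HOST>:\d+\s")


def extract_host(failregex, line):
    """Expand <HOST>, search the line, return the captured host or None."""
    pattern = failregex.replace("<HOST>", HOST)
    match = re.search(pattern, line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, rx in [("attempt 1", ATTEMPT_1),
                     ("attempt 2", ATTEMPT_2),
                     ("candidate", CANDIDATE)]:
        print(f"{name}: {extract_host(rx, LINE)}")
```

Both attempts fail for the same reason: `$` asserts end of line immediately after the host, but `:5080 version: ...` still follows. Check any pattern against the real log with `fail2ban-regex` before enabling the jail, since the real `<HOST>` expansion and date handling differ from this stand-in.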