I am having issues getting Fail2Ban to pick up my correct log for a failed login attempt into NGINX Basic Auth.
This is my log of the failed login:
2016/10/12 14:29:56 [error] 16270#16270: *6738 user "test2" was not found in "/etc/nginx/htpasswd-ee", client: 184.108.40.206, server: , request: "GET / HTTP/2.0", host: "domain.com:22222"
here is my regex:
^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
From what I get tell using a regex tool, it’s getting stuck on the server with a blank space and not a number. But not 100% sure as I do not fully understand regex very well.