fail2ban-regex 与字符串匹配,但与日志和conf文件不匹配,为什么?

fpg*_*ost 5 regex fail2ban

如果我跑

fail2ban-regex '31.22.105.115 - - [11/Apr/2014:18:09:54 +0100] "GET /admin/config.php 
HTTP/1.0" 301 573 "-" "-"' '^<HOST> - - (?:\[[^]]*\] )+\"(GET|POST)/(?i)(PMA|phptest|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2|cgi-bin)'
Run Code Online (Sandbox Code Playgroud)

然后我明白了Success, the total number of match is 1。然而如果我有一个access.log包含

 .
 .
109.68.191.26 - - [11/Apr/2014:12:47:50 +0100] "GET / HTTP/1.0" 301 541 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
31.22.105.115 - - [11/Apr/2014:18:09:54 +0100] "GET /admin/config.php HTTP/1.0" 301 573 "-" "-"
Run Code Online (Sandbox Code Playgroud)

和一个filter.d.conf 文件包含

failregex  = '^<HOST> - - (?:\[[^]]*\] )+\"(GET|POST) /(?i)(PMA|phptest|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2|cgi-bin)'
Run Code Online (Sandbox Code Playgroud)

,我尝试跑步,fail2ban-regex path/to/access.log /etc/fail2ban/filter.d/apache-getphp.conf我明白了Sorry, no match,为什么?

fpg*_*ost 3

啊,只是我不应该引用 filter.d 文件中的正则表达式,即应该是:

failregex  = ^<HOST> - - (?:\[[^]]*\] )+\"(GET|POST) /(?i)(PMA|phptest|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2|cgi-bin)
Run Code Online (Sandbox Code Playgroud)