DOKK / manpages / debian 10 / fail2ban / fail2ban-regex.1.en

fail2ban-regex - test Fail2ban "failregex" option

fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]

Fail2Ban reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules.

This tools can test regular expressions for "fail2ban".

a string representing a log line
path to a log file (/var/log/auth.log)
search systemd journal (systemd-python required)

a string representing a 'failregex'
path to a filter file (filter.d/sshd.conf)

a string representing an 'ignoreregex'
path to a filter file (filter.d/sshd.conf)

show program's version number and exit
show this help message and exit
set alternate config directory
set custom pattern used to match date/times
set time-zone used by convert time format
File encoding. Default: system locale
Raw hosts, don't resolve dns
DNS specified replacement of tags <HOST> in regexp ('yes' - matches all form of hosts, 'no' - IP addresses only)
maxlines for multi-line regex.
journalctl style matches overriding filter file. "systemd-journal" only
Log level for the Fail2Ban logger to use
Increase verbosity
Set numerical level of verbosity (0..4)
Verbose date patterns/regex in output
Produce urls for debugging there
Do not print any missed lines
Do not print any ignored lines
Print all matched lines
Print all missed lines, no matter how many
Print all ignored lines, no matter how many
Enrich log-messages with compressed tracebacks
Either to make the tracebacks full, not compressed (as by default)

Written by Cyril Jaquier <>. Many contributions by Yaroslav O. Halchenko and Steven Hiscocks.

Report bugs to

Copyright © 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors. Licensed under the GNU General Public License v2 (GPL).

fail2ban-client(1) fail2ban-server(1)

January 2018 fail2ban-regex 0.10.2