# CONFIGURED BY ANSIBLE # # parse sshguard journal # # double quotes there are [PARSER] name sshguard_attack format regex regex ^Attack from "(?[^ ]+)" on service .*$ ## CIDR and double quotes there are #[PARSER] # name sshguard_block_range # format regex # regex ^Blocking "(?[^ ]+)" for [0-9]+ secs .*$ # CIDR and double quotes there are [PARSER] name sshguard_block format regex regex ^Blocking "(?[^ /]+)/32" for [0-9]+ secs .*$ # seen without CIDR [PARSER] name sshguard_unblock format regex regex ^(?[^:]+): unblocking after .*$