кусок лога fail2ban
# tail /var/log/fail2ban.log
2015-09-09 13:00:24,459 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:24,459 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:25,461 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:27,464 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:27,465 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:28,467 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:28,468 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:29,469 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
2015-09-09 13:00:29,571 fail2ban.actions[1953]: WARNING [asterisk-iptables] Ban 62.210.250.141
2015-09-09 13:00:29,872 fail2ban.filter [1953]: WARNING Unable to find a corresponding IP address for ::1: [Errno -9] Address family for hostname not supported
установлен asterisk, для него имеется такой конфиг (если честно, то грешу на него)
cat /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban filter for asterisk authentication failures
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = asterisk
__pid_re = (?:\[\d+\])
iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
# All Asterisk log messages begin like this:
log_prefix= (?:NOTICE|SECURITY)%(__pid_re)s:?(?:\[C-[\da-f]*\])? \S+:\d*( in \w+:)?
failregex = ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - (Wrong password|Username/auth name mismatch|No matching peer found|Not a local domain|Device does not match ACL|Peer is not supposed to register|ACL error \(permit/deny\)|Not a local domain)$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Call from '[^']*' \(<HOST>:\d+\) to extension '\d+' rejected because extension not found in context 'default'\.$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> failed to authenticate as '[^']*'$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>\S*$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s hacking attempt detected '<HOST>'$
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\d*|<unknown>)",SessionID=".+",LocalAddress="IPV[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)/<HOST>/\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",ExpectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )Ext\. s: "Rejecting unknown SIP connection from <HOST>"$
ignoreregex =
# Author: Xavier Devlamynck / Daniel Black
#
# General log format - main/logger.c:ast_log
# Address format - ast_sockaddr_stringify
#
# First regex: channels/chan_sip.c
#
# main/logger.c:ast_log_vsyslog - "in {functionname}:" only occurs in syslog
Подскажите куда копать?
