getting a lot of these in my logs but fail2ban is not banning them. ip's are random
connect from unknown[1XX.22X.1XX.2XX]
disconnect from unknown[1XX.22X.1XX.2XX]
this is the filter i'm running it against but its not working. got the idea from this link -
http://www.iredmail.org/forum/topic8...s-attacks.html
failregex = disconnect from unknown (.*)\[<HOST>\]
failregex = connect from unknown (.*)\[<HOST>\]
tia