Dante SOCKS server: handle "1 byte/second" case

Thanks to @Loriowar and @sebres for pointing it out

2 files changed, 3 insertions, 1 deletions

diff --git a/config/filter.d/dante.conf b/config/filter.d/dante.conf
index b597d461..d95f96b4 100644
--- a/config/filter.d/dante.conf
+++ b/config/filter.d/dante.conf
@@ -9,7 +9,7 @@ before = common.conf
 [Definition]
 _daemon = danted
 
-failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes in \d+ seconds: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$
+failregex = ^%(__prefix_line)sinfo: block\(1\): tcp/accept \]: <HOST>\.\d+ [\d.]+: error after reading \d+ bytes? in \d+ seconds?: (could not access user "\w+"'s records in the system password file: no system error|system password authentication failed for user "\w+")$
 
 [Init]
 journalmatch = _SYSTEMD_UNIT=danted.service
diff --git a/fail2ban/tests/files/logs/dante b/fail2ban/tests/files/logs/dante
index a7f08eb2..80d6744f 100644
--- a/fail2ban/tests/files/logs/dante
+++ b/fail2ban/tests/files/logs/dante
@@ -2,3 +2,5 @@
 Apr 14 15:35:03 vps111111 danted[17969]: info: block(1): tcp/accept ]: 1.2.3.4.50550 0.0.0.0.1080: error after reading 35 bytes in 0 seconds: could not access user "roooooooot"'s records in the system password file: no system error
 # failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
 Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 18 bytes in 0 seconds: system password authentication failed for user "aland"
+# failJSON: { "time": "2005-04-14T15:44:26", "match": true , "host": "1.2.3.4" }
+Apr 14 15:44:26 vps111111 danted[1846]: info: block(1): tcp/accept ]: 1.2.3.4.57178 0.0.0.0.1080: error after reading 1 byte in 1 second: system password authentication failed for user "aland"