On several CentOS 5.9 machines with fail2ban-0.8.2-3.el5.rf
I'm seeing warnings like the following in /var/log/fail2ban.log,
and consequently, in the "Unmatched Entries" section of my daily
logwatch mails:

2013-03-12 11:01:09,796 fail2ban.filter : WARNING Unable to find a
corresponding IP address for 2001:db8:cccc:c:250:56ff:fe8e:12

This one seems to be triggered by /var/log/secure line

Mar 12 11:01:08 lx1 sshd[24767]: Received disconnect from
2001:db8:cccc:c:250:56ff:fe8e:12: 11: disconnected by user

in conjunction with /etc/fail2ban/filter.d/sshd.conf failregex
line

^%(__prefix_line)sReceived disconnect from <HOST>: .*$

What is that message trying to tell me?
2001:db8:cccc:c:250:56ff:fe8e:12 *is* an IP address.
Why would fail2ban try to find a corresponding one for it?

Thanks,
Tilman
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.repoforge.org/pipermail/users/attachments/20130315/f26c1e6a/attachment.sig>