Проблема реализации специального фильтра регулярных выражений для службы Fail2ban

Question

Я не могу найти хорошее регулярное выражение для соответствия элементу, который я хочу идентифицировать

пример моего файла журнала для анализа:

[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
[20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
[20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177

Я хочу найти регулярное выражение дляопределить линию этого стиля:

[20190625-11:47:51] [INFO ] A connection received from: ::ffff:192.168.1.32 port 55737

Я тестировал failregex = ^.*ffff:<HOST> port *$

Not ok


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 6 lines, 0 ignored, 0 matched, 6 missed
[processed in 0.01 sec]

|- Missed line(s):
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
|  [20190625-10:19:22] [INFO ] xrdp_wm_log_msg: login failed for display 0
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52166
|  [20190625-10:20:20] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52167
|  [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52176
|  [20190625-10:21:19] [INFO ] A connection received from: ::ffff:192.168.1.32 port 52177

Answer 1

Я не совсем уверен в этом, просто догадываюсь, что нам может понадобиться выражение, подобное:

(\[[0-9]{8}.+?A connection received from: ::ffff:.+?port\s+[0-9]+)

с флагом s.

Пожалуйста, смотритедемо для дополнительного объяснения.