From 9a727bc6e292b0e09b1af9720cf12c10a9328082 Mon Sep 17 00:00:00 2001
From: Ben Hutchison
Date: Tue, 27 Aug 2024 19:15:28 -0700
Subject: [PATCH] Windows' distribution of OpenSSH also changed its logging format (tested with 9.5p1) by prepending "sshd: " to the payload text
---
Fail2Ban4Win/configuration.json | 4 ++--
Readme.md | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Fail2Ban4Win/configuration.json b/Fail2Ban4Win/configuration.json
index 9bb7716..5a4cc9b 100644
--- a/Fail2Ban4Win/configuration.json
+++ b/Fail2Ban4Win/configuration.json
@@ -31,12 +31,12 @@
 "logName": "OpenSSH/Operational",
 "eventId": 4,
 "ipAddressEventDataName": "payload",
- "ipAddressPattern": "^Failed password for(?: invalid user)? .+ from (?(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$"
+ "ipAddressPattern": "^(?:sshd: )?Failed password for(?: invalid user)? .+ from (?(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5} ssh\\d?$"
 }, {
 "logName": "OpenSSH/Operational",
 "eventId": 4,
 "ipAddressEventDataName": "payload",
- "ipAddressPattern": "^Invalid user .+ from (?(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5}$"
+ "ipAddressPattern": "^(?:sshd: )?Invalid user .+ from (?(?:\\d{1,3}\\.){3}\\d{1,3}) port \\d{1,5}$"
 }
 ]
 }
diff --git a/Readme.md b/Readme.md
index 5851f20..9c58b49 100644
--- a/Readme.md
+++ b/Readme.md
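Review bot: In both new `ipAddressPattern` values the `.+` that spans the username is text chosen by the remote client, and the captured address is the real peer only because `.+` is greedy and the pattern is anchored with `$`, so the trailing ` from <ip> port <n>` written by sshd always wins over anything embedded in the username; since JSON cannot carry a comment, that invariant belongs in the Readme's configuration section, e.g. `Keep the username wildcard greedy (.+ rather than .+?) and the pattern $-anchored so a crafted username cannot change which address is captured.` The optional `(?:sshd: )?` prefix keeps the selectors matching the older payload format as well, which is the right choice, but both patterns still accept only dotted IPv4 addresses, so failed logins arriving over IPv6 are not matched by these two selectors and that limitation is worth stating next to them. As rendered here the capture group reads `(?(?:\\d{1,3}\\.){3}\\d{1,3})`, which looks like a `(?<name>` label lost in this page's rendering; if the committed file really lacks the group name the .NET regex would not parse as a plain named capture, so confirm against the repository copy.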
@@ -68,7 +68,7 @@ You can [customize](#configuration) most of the above specifics.
 ## Configuration
-The provided example configuration file has selectors for [Remote Desktop Services](https://docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-portal), [Cygwin OpenSSH sshd](https://cygwin.com/packages/summary/openssh.html) (updated in 1.3.1), and [Windows OpenSSH sshd](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview). It also has some example values for `neverBanSubnets` and other properties that you can replace with your own values.
+The provided example configuration file has selectors for [Remote Desktop Services](https://docs.microsoft.com/en-us/windows/win32/termserv/terminal-services-portal), [Cygwin OpenSSH sshd](https://cygwin.com/packages/summary/openssh.html) (updated in [1.3.1](https://github.com/Aldaviva/Fail2Ban4Win/releases/tag/1.3.1)), and [Windows OpenSSH sshd](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview) (updated in [1.3.1](https://github.com/Aldaviva/Fail2Ban4Win/releases/tag/1.3.1)). It also has some example values for `neverBanSubnets` and other properties that you can replace with your own values. Be aware that `isDryRun` defaults to `true` to avoid accidentally blocking traffic until you're ready.