Fail2ban：failregex 中使用的正規表示式不起作用（方括號] 問題？！）

使用fail2ban，我想根據 apache_access.log 檔案的內容禁止IP。

這是我想要與正規表示式規則相符的行的範例：

197.221.254.56 - - [13/Jun/2022:22:59:59 +0200] "GET / HTTP/1.0" 400 0 "-" "-"

所以，這是我的fail2ban自訂過濾器檔案：

[Definition]

failregex = ^<ADDR> - - \[\S+ \S+\] "GET \/ HTTP\/1.0" 400 \S "-" "-"$
ignoreregex =

正規表示式在「https://regex101.com/」等網站上完美運行

但是當我使用如下所示的fail2ban-regex 工具時：

sudo fail2ban-regex /var/log/site1_access.log /etc/fail2ban/filter.d/les400enhttp1-0.conf

我什麼都匹配。

我嘗試使用這個最簡單的正規表示式規則：^<ADDR> - - \[\S+ \S+ 它的工作原理！

Results
=======

Failregex: 10 total
|-  #) [# of hits] regular expression
|   1) [10] ^<ADDR> - - \[\S+ \S+
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [10] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 10 lines, 0 ignored, 10 matched, 0 missed
[processed in 0.03 sec]

但是當我嘗試使用正規表示式時：（^<ADDR> - - \[\S+ \S+\]左方sracket]新增到右側））命令“fail2ban-regex”返回我：

Lines: 10 lines, 0 ignored, 0 matched, 10 missed
[processed in 0.03 sec]

|- Missed line(s):
|  36.170.59.167 - - [13/Jun/2022:22:59:59 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  183.228.2.12 - - [13/Jun/2022:22:59:59 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  183.228.2.12 - - [13/Jun/2022:22:59:59 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  126.131.138.146 - - [13/Jun/2022:22:59:59 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  197.221.254.56 - - [13/Jun/2022:22:59:59 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  110.11.157.122 - - [13/Jun/2022:23:00:00 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  220.135.236.27 - - [13/Jun/2022:23:00:00 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  61.231.224.176 - - [13/Jun/2022:23:00:00 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  106.165.107.215 - - [13/Jun/2022:23:00:00 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
|  61.231.224.176 - - [13/Jun/2022:23:00:00 +0200] "GET / HTTP/1.0" 400 0 "-" "-"
`-

10 錯過了！當我新增左方括號 (]) 時，我的範例行均不與正規表示式相符

我不明白我的錯誤在哪裡...感謝您的幫助:)