Fail2ban – Can I Use Regex in Fail2ban Logpath?

fail2ban

I am using CETNOS 7,yum install fail2ban,in /etc/fail2ban/jail.local,I want to set:

[DEFAULT]
apache_error_log = /var/log/httpd/*error_log
/home/websites/.*?/log/errorlog

to express:

    [DEFAULT]
    apache_error_log = /var/log/httpd/*error_log
    /home/websites/site1/log/errorlog
    /home/websites/site2/log/errorlog

Then,I can use %(apache_error_log)s in /etc/fail2ban/jail.local as below:

[apache-noscript]

port     = http,https
logpath  = %(apache_error_log)s

Is this OK?

Best Answer

Fail2Ban logpath doesn't use regular expressions but glob Unix filename pattern matching.

jail.conf (5), logpath

filename(s) of the log files to be monitored, separated by new lines. Globs -- paths containing * and ? or [0-9] -- can be used however only the files that exist at start up matching this glob pattern will be considered.

Rules:

* matches any number of any characters (including none)
? matches any single character
[abc] matches one of the listed characters
[a-z] matches one character in a (locale-dependent) character range
inside the brackets, ! can be used for negation (POSIX systems)
path separator characters i.e. / are never matched.

Therefore, /home/websites/*/log/errorlog will do.

Related Solutions

Why fail2ban 0.8 doesn’t start properly on Debain 7 Wheezy x64

Had the same problem. There a some deprecated config params in new version of fail2ban.

Following steps fixed that. First uninstall with deletion of all config files:

apt-get remove fail2ban --purge

After that do reinstall:

apt-get install fail2ban

After this steps your config is in default settings and should be edited by your needs.

Fail2ban apache-badbots not blocking IP

In your jail.local, you direct fail2ban to /var/logs/httpd/access_log in stead of /var/log/httpd/access_log like in your regex test.

Best Answer

Related Solutions

Why fail2ban 0.8 doesn’t start properly on Debain 7 Wheezy x64

Fail2ban apache-badbots not blocking IP

Related Topic