Need help with failregex #3221

ghost · 2022-02-17T09:01:39Z

ghost
Feb 17, 2022

Hello,

I try to setup Fail2ban with apache mod evasive

My issue is that failregex founded on a tutorial dont match whith my log format.

Exemple of log:

[Thu Feb 17 09:25:24.225629 2022] [evasive20:error] [pid 2245693:tid 140292849272576] [client 92.154.23.109:50015] client denied by server configuration: proxy:http://127.0.0.1:80/fr/customer/section/load/,>

I have to take fail2ban action for ip 92.154.23.109 matching with [evasive20:error] ... client denied by server configuration

Thank you in advance for help

Answered by sebres

Feb 17, 2022

[Definition]
failregex = ^\s*(?:\[\] )?\[evasive\d+:error\] \[[^\]]*\] \[client <ADDR>:\d+\] client denied by server configuration\b

(?:\[\] )? matches the remaining [] after fail2ban cuts out the timestamp matching default datepattern (optional if it'd change or if the backend switches to systemd journal).

View full answer

sebres · 2022-02-17T11:11:40Z

sebres
Feb 17, 2022
Maintainer

[Definition]
failregex = ^\s*(?:\[\] )?\[evasive\d+:error\] \[[^\]]*\] \[client <ADDR>:\d+\] client denied by server configuration\b

(?:\[\] )? matches the remaining [] after fail2ban cuts out the timestamp matching default datepattern (optional if it'd change or if the backend switches to systemd journal).

1 reply

ghost Feb 17, 2022

Thank you a lot. I have to try it.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need help with failregex #3221

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Need help with failregex #3221

ghost Feb 17, 2022

Replies: 1 comment · 1 reply

sebres Feb 17, 2022 Maintainer

ghost Feb 17, 2022

ghost
Feb 17, 2022

Replies: 1 comment 1 reply

sebres
Feb 17, 2022
Maintainer