-
Hello, I try to setup Fail2ban with apache mod evasive My issue is that failregex founded on a tutorial dont match whith my log format. Exemple of log:
I have to take fail2ban action for ip 92.154.23.109 matching with [evasive20:error] ... client denied by server configuration Thank you in advance for help |
Beta Was this translation helpful? Give feedback.
Answered by
sebres
Feb 17, 2022
Replies: 1 comment 1 reply
-
[Definition]
failregex = ^\s*(?:\[\] )?\[evasive\d+:error\] \[[^\]]*\] \[client <ADDR>:\d+\] client denied by server configuration\b
|
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
sebres
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
(?:\[\] )?
matches the remaining[]
after fail2ban cuts out the timestamp matching defaultdatepattern
(optional if it'd change or if the backend switches to systemd journal).