Setting a custom date pattern #1278
Comments
Your fail2ban version? Because this format should be a standard format (at least since v.0.9), so just remove (or comment with If I correctly understood the output of
Or a little bit simplified, for exactly what you have:
You can test your own format at any time using:

```
fail2ban-regex -d "%d-%b-%Y %H:%M:%S.%f" <LOG> <FILTER>
```

Example v.0.9.3 with standard dateformats:

```
$ fail2ban-regex "21-Dec-2015 21:35:22.843 client 1.2.3.4#40278 (example.com): query (cache) 'example.com/A/IN' denied" ./config/filter.d/named-refused.conf
/usr/bin/python | (2, 7, '2.7.6 (default, Jun 22 2015, 17:58:13) \n[GCC 4.8.2]')
Running tests
=============
Use failregex filter file : named-refused, basedir: ./config
Use single line : 21-Dec-2015 21:35:22.843 client 1.2.3.4#40278 (exa...
Results
=======
Failregex: 1 total
...
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
[processed in 0.00 sec]
```

```
$ fail2ban-regex -d "%d-%b-%Y %H:%M:%S.%f" "21-Dec-2015 21:35:22.843 client 1.2.3.4#40278 (example.com): query (cache) 'example.com/A/IN' denied" ./config/filter.d/named-refused.conf
/usr/bin/python | (2, 7, '2.7.6 (default, Jun 22 2015, 17:58:13) \n[GCC 4.8.2]')
Running tests
=============
Use datepattern : Day-MON-Year 24hour:Minute:Second.Microseconds
Use failregex filter file : named-refused, basedir: ./config
Use single line : 21-Dec-2015 21:35:22.843 client 1.2.3.4#40278 (exa...
Results
=======
Failregex: 1 total
...
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Day-MON-Year 24hour:Minute:Second.Microseconds
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
[processed in 0.00 sec]
```
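
An offline sanity check for the date pattern discussed in the comment above, as an added example (not code from this thread or from fail2ban): it turns a strptime-style pattern into a regex, locates the timestamp in the sample log line from this page, and returns the remainder that a failregex would have to match. The directive table and the function names are assumptions made for illustration, and the second pattern in the loop is a constructed mismatch.

```python
import re
from datetime import datetime

# Simplified stand-in for fail2ban's date templates (assumption): each
# strptime directive is mapped to a regex fragment. Only a few are covered.
DIRECTIVES = {
    "%d": r"\d{1,2}", "%b": r"[A-Za-z]{3}", "%Y": r"\d{4}", "%m": r"\d{2}",
    "%H": r"\d{2}", "%M": r"\d{2}", "%S": r"\d{2}", "%f": r"\d{1,6}",
}

def pattern_to_regex(datepattern):
    """Translate a strptime-style pattern into a compiled regex."""
    out, i = [], 0
    while i < len(datepattern):
        token = datepattern[i:i + 2]
        if token in DIRECTIVES:
            out.append(DIRECTIVES[token])
            i += 2
        elif datepattern[i] == "%":
            raise ValueError("unsupported directive: " + token)
        else:
            out.append(re.escape(datepattern[i]))  # literal separator
            i += 1
    return re.compile("".join(out))

def check(datepattern, line):
    """Return (timestamp, rest_of_line), or None if the pattern does not fit."""
    m = pattern_to_regex(datepattern).search(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group(0), datepattern)
    except ValueError:  # looked like a date but is not a valid one
        return None
    # The failregex is matched against the line with the timestamp cut out.
    rest = (line[:m.start()] + line[m.end():]).strip()
    return ts, rest

# Sample log line taken from the fail2ban-regex runs on this page.
LINE = ("21-Dec-2015 21:35:22.843 client 1.2.3.4#40278 (example.com): "
        "query (cache) 'example.com/A/IN' denied")

if __name__ == "__main__":
    # First pattern is the one from the comment; second is a constructed mismatch.
    for pat in ("%d-%b-%Y %H:%M:%S.%f", "%Y-%m-%d %H:%M:%S"):
        print(pat, "->", check(pat, LINE))
```

A `None` result here corresponds to a line that would be processed without a recognised timestamp; the authoritative check remains `fail2ban-regex -d` as shown above.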
Hi,
I'm trying to stop a stream of DNS DDOS attacks.
Firstly, I added a time and date to my BIND log.
So in `/etc/named.conf`, I added `print-time yes;`
In `/var/named/data/named.run`, this adds `21-Dec-2015 21:35:22.843` in front of entries, such as `client 82.118.233.142#4444: query (cache) 'cpsc.gov/ANY/IN' denied`
Now, I've added the following to my `/etc/fail2ban/jail.local`:
However, I think my `datepattern` format is wrong, because in `/var/log/logwatch.log` I can see:
and
Can someone please help?
Thanks