Cannot get match with F2B .11 and Plesk 12.5, Ubuntu 14.04 #2192
Comments
Your datepattern is only in jail (but not in filter). The fail2ban-regex tool does not know about this, so either you should provide it by start (

[Definition]
failregex = ^\s*\w+ fscu: PASSWORD MISMATCH, ip=\[<HOST>\]
datepattern = %%b-%%d-%%H:%%M:%%S

In this case you don't need it in jail. Why it does not ban inside the server (that has correct datepattern) could have several reasons:
Thus closed.
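The misconfiguration diagnosed in the reply above, as an added example that is not part of the original thread and not fail2ban's own code: it reports where `datepattern` is set and runs a simplified filter-only match that stands in for a test that reads only the filter file. The jail name `fscu`, the sample log line and the helper names are assumptions.

```python
import configparser
import re
from datetime import datetime

# Constructed configuration modelled on this thread; the jail name "fscu"
# and the sample log line below are assumptions, not taken from the issue.
FILTER_CONF = r"""
[Definition]
failregex = ^\s*\w+ fscu: PASSWORD MISMATCH, ip=\[<HOST>\]
"""
JAIL_CONF = """
[fscu]
filter = fscu
datepattern = %%b-%%d-%%H:%%M:%%S
"""
FIXED_FILTER_CONF = FILTER_CONF + "datepattern = %%b-%%d-%%H:%%M:%%S\n"
SAMPLE_LINE = "Jul-30-14:05:12 web1 fscu: PASSWORD MISMATCH, ip=[203.0.113.7]"

def _read(text):
    cp = configparser.ConfigParser()  # BasicInterpolation turns %% into %
    cp.read_string(text)
    return cp

def datepattern_scope(filter_text, jail_text, jail):
    """Report where datepattern is set: 'filter', 'jail-only', 'both' or 'none'."""
    in_filter = _read(filter_text).has_option("Definition", "datepattern")
    in_jail = _read(jail_text).has_option(jail, "datepattern")
    if in_filter:
        return "both" if in_jail else "filter"
    return "jail-only" if in_jail else "none"

def match_with_filter(filter_text, line):
    """Simplified filter-only test (not fail2ban's matcher): host or None."""
    d = _read(filter_text)["Definition"]
    pattern = d.get("datepattern")
    if pattern is None:
        return None  # this model has no default date detectors
    stamp, _, rest = line.partition(" ")
    try:
        # A fixed year is prepended because the pattern carries none.
        datetime.strptime("2000-" + stamp, "%Y-" + pattern)
    except ValueError:
        return None
    regex = d["failregex"].replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
    m = re.search(regex, " " + rest)
    return m.group("host") if m else None
```

A result of `jail-only` from `datepattern_scope` is the state this thread started in; moving the setting into the filter's `[Definition]` gives the filter-only test the same pattern the jail uses.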
will try these and report back; I believe the time is correct (I did see that notice) but will check that as well. Thanks for your response sebres
That's all it was, matched/banned perfectly. Not sure where/why I was under the impression the datepattern should be in the jail - you might want to document that it should be part of the filter if it's not. Thanks again.
this is imho not so (at least for fail2ban >= 0.10) for the fail2ban self to work.
Environment: Ubuntu 14.04, Plesk 12.5, Fail2Ban .11 (and due to this, we cannot load Fail2Ban within the Plesk Admin. and are controlling/testing it via ssh which is fine).
We are writing, via php, a custom log file
The issue:
Cannot get a match of the filter to the log.
Steps to reproduce
Expected behavior
matches to be shown in testing per above, INFO to show up in Fail2Ban log - ultimately banning an IP per the jail settings
Observed behavior
Any additional information
Other filters/jails are producing results on the same machine, banning IPs fine. We used one of these as source for the "HOST" section of our fscu filter. We updated to .11 to provide for inclusion of the fix to piyo seeing files as paths - exact issue running .9.2
Configuration, dump and another helpful excerpts
Filter - see capture below
Jail is set as:
Filter:
Log entries are coming in as:
Any customizations done to /etc/fail2ban/ configuration
Relevant parts of /var/log/fail2ban.log file:
preferably obtained while running fail2ban with
loglevel = 4
Relevant lines from monitored log files in question: