fail2ban/config/filter.d/zoneminder.conf

# Fail2Ban filter for Zoneminder login failures
#

[Definition]

# pattern: [client 10.1.1.1:38022] WAR [Login denied for user "test"], referer: https://zoneminderurl/
#
#
# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)


failregex = ^.*? [[]client <HOST>:\d\d\d\d\d] WAR [[]Login denied for user \S*], referer: \S*$

ignoreregex =

# Notes:
#	Tested on Zoneminder 1.29.0
#
# Author: John Marzella
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00			`# Fail2Ban filter for Zoneminder login failures`
			`#`

			`[Definition]`

implemented yarikoptic's suggestions in fail2ban pull request #1376 2016-04-01 11:16:30 +00:00			`# pattern: [client 10.1.1.1:38022] WAR [Login denied for user "test"], referer: https://zoneminderurl/`
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00			`#`
			`#`
			`# Option: failregex`
			`# Notes.: regex to match the password failure messages in the logfile. The`
			`# host must be matched by a group named "host". The tag "<HOST>" can`
			`# be used for standard IP/hostname matching and is only an alias for`
			`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`


fixed incomplete regex after adding anchors 2016-04-01 11:30:41 +00:00			`failregex = ^.? [[]client <HOST>:\d\d\d\d\d] WAR [[]Login denied for user \S], referer: \S*$`
added zoneminder.conf filter 2016-03-29 10:31:26 +00:00
			`ignoreregex =`

			`# Notes:`
			`# Tested on Zoneminder 1.29.0`
			`#`
			`# Author: John Marzella`