fail2ban/config/filter.d/znc-adminlog.conf

35 lines
912 B
Plaintext
Raw Normal View History

2019-01-06 17:44:21 +00:00
# Fail2Ban filter for ZNC (requires adminlog module)
#
# to use this module, enable the adminlog module from within ZNC and point
# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log).
[DEFAULT]
logtype = file
2019-01-06 17:44:21 +00:00
[Definition]
_daemon = znc
# Prefix for different logtype (file, journal):
#
__prefix_file = (?:\[\]\s+)?
__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+
__prefix_journal = %(__prefix_short)s
__prefix_line = <__prefix_<logtype>>
failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from <ADDR>
2019-01-06 17:44:21 +00:00
ignoreregex =
journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc
2019-01-06 17:44:21 +00:00
# DEV Notes:
# Log format is: [<DATE+TIME>] [<USERNAME>] <ACTION> from <ADDR>
2019-01-06 17:44:21 +00:00
# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4
# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4
#
# Author: Tobias Girstmair (//gir.st/)