ENH: Move jail `maxlines` to filter config

2013-04-18 22:11:41 +01:00 · 2013-04-18 22:11:41 +01:00 · 9672e44d39
parent 01499ad0de
commit 9672e44d39
5 changed files with 12 additions and 5 deletions
--- a/config/filter.d/guacamole.conf
+++ b/config/filter.d/guacamole.conf
@ -16,3 +16,7 @@ failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" fa
 # Values:  TEXT
 #
 ignoreregex = 
+
+[Init]
+# "maxlines" is number of log lines to buffer for multi-line regex searches
+maxlines = 2
--- a/config/jail.conf
+++ b/config/jail.conf
@ -32,9 +32,6 @@ findtime  = 600
 # "maxretry" is the number of failures before a host get banned.
 maxretry = 3

-# "maxlines" is number of log lines to buffer for multi-line regex searches
-maxlines = 1
-
 # "backend" specifies the backend used to get files modification.
 # Available options are "pyinotify", "gamin", "polling" and "auto".
 # This option can be overridden in each jail as well.
@ -375,7 +372,6 @@ action   = iptables-multiport[name=Guacmole, port="http,https"]
           sendmail-whois[name=Guacamole, dest=root, sender=fail2ban@example.com]
 logpath  = /var/log/tomcat*/catalina.out
 maxretry = 5
-maxlines = 2


 # Jail for more extended banning of persistent abusers
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@ -56,5 +56,8 @@ class FilterReader(OptionConfigReader):
 					# Do not send a command if the rule is empty.
 					if regex != '':
 						stream.append(["set", self._name, "addignoreregex", regex])		
+		if self._initOpts:
+			if 'maxlines' in self._initOpts:
+				stream.append(["set", self._name, "maxlines", self._initOpts["maxlines"]])
 		return stream
 		
--- a/fail2ban/client/jailreader.py
+++ b/fail2ban/client/jailreader.py
@ -65,7 +65,6 @@ class JailReader(ConfigReader):
 				["string", "logencoding", "auto"],
 				["string", "backend", "auto"],
 				["int", "maxretry", 3],
-				["int", "maxlines", 1],
 				["int", "findtime", 600],
 				["int", "bantime", 600],
 				["string", "usedns", "warn"],
--- a/man/jail.conf.5
+++ b/man/jail.conf.5
@ -140,6 +140,11 @@ Using Python "string interpolation" mechanisms, other definitions are allowed an
 baduseragents = IE|wget
 failregex = useragent=%(baduseragents)s

+.PP
+Similar to actions, filters have an [Init] section which can be overridden in \fIjail.conf/jail.local\fR. The filter [Init] section is limited to the following options:
+.TP
+\fBmaxlines\fR
+specifies the maximum number of lines to buffer to match multi-line regexs. For some log formats this will not required to be changed. Other logs may require to increase this value if a particular log file is frequently written to.
 .PP
 Filters can also have a section called [INCLUDES]. This is used to read other configuration files.