From c91fda8619d8729920d695ab70e26464a0a4ae4d Mon Sep 17 00:00:00 2001
From: Ivo Truxa <truxoft@users.noreply.github.com>
Date: Mon, 3 Feb 2014 21:46:07 +0100
Subject: [PATCH] ENH: Nagios filter

Sample log for the first failregex is available in the testcases. No example available for the IPv6 denial yet.
---
 config/filter.d/nagios.conf | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 config/filter.d/nagios.conf

diff --git a/config/filter.d/nagios.conf b/config/filter.d/nagios.conf
new file mode 100644
index 00000000..d01769cc
--- /dev/null
+++ b/config/filter.d/nagios.conf
@@ -0,0 +1,21 @@
+# Fail2Ban filter for Nagios Remote Plugin Executor (nrpe2)
+# Detecting unauthorized access to the nrpe2 daemon 
+# typically logged in /var/log/messages syslog
+#
+
+
+[INCLUDES]
+# Read syslog common prefixes
+before = common.conf
+
+
+[Definition]
+_daemon     = nrpe
+failregex   = ^%(__prefix_line)sHost <HOST> is not allowed to talk to us!\s*$
+            = ^%(__prefix_line)sConnection from <HOST> closed. We don't support AF_INET6 addreess family in ACL\s*$
+ignoreregex =.
+
+
+# DEV Notes:
+# 
+# Author: Ivo Truxa - 2014/02/03