github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

filter.d/recidive.conf: conditional RE depending on logtype (for file or journal)

pull/3693/head
Sergey G. Brester 2024-03-11 17:49:06 +01:00 committed by GitHub
parent 0b63fc312d
commit dd3c78ecab
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
config/filter.d/recidive.conf
View File

@ -19,7 +19,7 @@
# common.local
before = common.conf
[Definition]
[DEFAULT]
_daemon = (?:fail2ban(?:-server|\.actions)\s*)
@ -27,8 +27,21 @@ _daemon = (?:fail2ban(?:-server|\.actions)\s*)
# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`
_jailname = recidive
failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
[lt_short]
_daemon = (?:fail2ban(?:-server|\.actions)?\s*)
failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
[lt_journal]
_daemon = <lt_short/_daemon>
failregex = <lt_short/failregex>
[Definition]
_daemon = <lt_<logtype>/_daemon>
failregex = <lt_<logtype>/failregex>
datepattern = ^{DATE}
ignoreregex =