# Fail2Ban configuration file for guacamole # # Author: Steven Hiscocks # [Definition] logging = catalina failregex = <L_<logging>/failregex> maxlines = <L_<logging>/maxlines> datepattern = <L_<logging>/datepattern> [L_catalina] failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$ maxlines = 2 datepattern = ^%%b %%d, %%ExY %%I:%%M:%%S %%p ^WARNING:()** {^LN-BEG} [L_webapp] failregex = ^ \[\S+\] WARN \S+ - Authentication attempt from <HOST> for user "<F-USER>[^"]+</F-USER>" failed. maxlines = 1 datepattern = ^%%H:%%M:%%S.%%f # DEV Notes: # # failregex is based on the default pattern given in Guacamole documentation : # https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging # # The following logback.xml Guacamole configuration file can then be used accordingly : # <configuration> # <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> # <file>/var/log/guacamole.log</file> # <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> # <fileNamePattern>/var/log/guacamole.%d.log.gz</fileNamePattern> # <maxHistory>32</maxHistory> # </rollingPolicy> # <encoder> # <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern> # </encoder> # </appender> # <root level="info"> # <appender-ref ref="FILE" /> # </root> # </configuration>