mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
912 B
34 lines
912 B
# Fail2Ban filter for ZNC (requires adminlog module) |
|
# |
|
# to use this module, enable the adminlog module from within ZNC and point |
|
# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log). |
|
|
|
[DEFAULT] |
|
|
|
logtype = file |
|
|
|
[Definition] |
|
|
|
_daemon = znc |
|
|
|
# Prefix for different logtype (file, journal): |
|
# |
|
__prefix_file = (?:\[\]\s+)? |
|
__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+ |
|
__prefix_journal = %(__prefix_short)s |
|
|
|
__prefix_line = <__prefix_<logtype>> |
|
|
|
failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from <ADDR> |
|
|
|
ignoreregex = |
|
|
|
journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc |
|
|
|
# DEV Notes: |
|
# Log format is: [<DATE+TIME>] [<USERNAME>] <ACTION> from <ADDR> |
|
# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4 |
|
# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4 |
|
# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4 |
|
# |
|
# Author: Tobias Girstmair (//gir.st/)
|
|
|