mirror of https://github.com/fail2ban/fail2ban
35efca5941
Many times faster and fewer CPU-hungry because of parsing with `maxlines=1`, so without line buffering (scrolling of the buffer-window). Combination of tags `<F-MLFID>` and `<F-NOFAIL>` can be used now to process multi-line logs using single-line expressions: - tag `<F-MLFID>`: used to identify resp. store failure info for groups of log-lines with the same identifier (e. g. combined failure-info for the same conn-id by `<F-MLFID>(?:conn-id)</F-MLFID>`, see sshd.conf for example) - tag `<F-NOFAIL>`: used as mark for no-failure (helper to accumulate common failure-info); filter.d/sshd.conf: [sshd], [sshd-ddos], [sshd-aggressive] optimized with pre-filtering using new option `prefregex` and new multi-line handling. |
||
|---|---|---|
| .. | ||
| action.d | ||
| filter.d | ||
| fail2ban.conf | ||
| jail.conf | ||
| paths-common.conf | ||
| paths-debian.conf | ||
| paths-fedora.conf | ||
| paths-freebsd.conf | ||
| paths-opensuse.conf | ||
| paths-osx.conf | ||