mirror of https://github.com/fail2ban/fail2ban
45 lines
1.6 KiB
Plaintext
45 lines
1.6 KiB
Plaintext
# Generic configuration items (to be used as interpolations) in other
|
|
# apache filters.
|
|
|
|
[INCLUDES]
|
|
|
|
before = common.conf
|
|
# Load customizations if any available
|
|
after = apache-common.local
|
|
|
|
[DEFAULT]
|
|
|
|
# Apache logging mode:
|
|
# all - universal prefix (logfile, syslog)
|
|
# logfile - logfile only
|
|
# syslog - syslog only
|
|
# Use `filter = apache-auth[logging=syslog]` to get more precise regex if apache logs into syslog (ErrorLog syslog).
|
|
# Use `filter = apache-auth[logging=all]` to get universal regex matches both logging variants.
|
|
logging = logfile
|
|
|
|
# Apache logging prefixes (date-pattern prefix, server, process etc.):
|
|
apache-prefix-syslog = %(__prefix_line)s
|
|
apache-prefix-logfile = \[\]\s
|
|
apache-prefix-all = (?:%(apache-prefix-logfile)s|%(apache-prefix-syslog)s)?
|
|
|
|
# Setting for __prefix_line (only `logging=syslog`):
|
|
_daemon = (?:apache\d*|httpd(?:/\w+)?)
|
|
|
|
apache-prefix = <apache-prefix-<logging>>
|
|
|
|
apache-pref-ignore =
|
|
|
|
_apache_error_client = <apache-prefix>\[(:?error|<apache-pref-ignore>\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[(?:client|remote) <HOST>(:\d{1,5})?\]
|
|
|
|
datepattern = {^LN-BEG}
|
|
|
|
# Common prefix for [error] apache messages which also would include <HOST>
|
|
# Depending on the version it could be
|
|
# 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4]
|
|
# 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652]
|
|
# 2.4 (perfork): [Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to
|
|
#
|
|
# Reference: https://github.com/fail2ban/fail2ban/issues/268
|
|
#
|
|
# Author: Yaroslav Halchenko
|