Updated How fail2ban works (markdown)

master
Sergey G. Brester 2023-10-24 18:52:09 +02:00
parent d0274ed3a7
commit 3fc7495bc9
1 changed files with 1 additions and 1 deletions

@ -21,7 +21,7 @@ Each failure (attempt) will be logged in `fail2ban.log` as:<br/>
` INFO [jail] Found 192.0.2.25`<br/>
First if you'll see at least 5 such lines with this IP address within 10 minutes, the IP goes banned and you should see:<br/>
` NOTICE [jail] Ban 192.0.2.25`<br/>
(the solution could be to increase `findtime` or decrease `maxretry`);
If there are some `Found` but no `Ban` messages for an IP, the solution could be to increase `findtime` or decrease `maxretry`. Just note that the larger `findtime` and smaller `maxretry` the higher may be the probability of false positives (mistaken bans of legitimate users);
- no matching date-time pattern or wrong date-time pattern specified for the jail resp. filter via `datepattern`, thus it does not match the log-line at all;
- be careful with `%` character in fail2ban configurations (because of the python-config, it should be dual-escaped `%%`);
- note the time of values that fail2ban recognizes from the log-file will be converted using the system time zone (if not specified different) - be sure that the times, written from the corresponding service into the log, are not too old for the fail2ban;
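Review bot: The added sentence "Just note that the larger `findtime` and smaller `maxretry` the higher may be the probability of false positives" in the rewritten `findtime`/`maxretry` line is hard to parse, and it leaves the item as two sentences, the first closed with a full stop and the second with `;`, unlike the neighbouring items. Consider "Note that a larger `findtime` or a smaller `maxretry` raises the probability of false positives (mistaken bans of legitimate users);" and joining it to the preceding clause so the item stays one sentence. Since the text above talks about 5 lines within 10 minutes, it would also help to state that the `Found` lines in question are those for the same IP that fall short of that count within that window.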