Hello,
How do I extract data into a "tag" using a filter?
For example, I am able to get the <HOST> out of the following line but not
the queried domain, "google.com"
Oct 8 18:57:48 ns3 named[865]: client 93.40.109.39#37793 (google.com):
rate limit drop response to 93.40.109.0/24 for google.com IN ANY (009a1f85)
Here is regex in filter:
failregex = %(__line_prefix)sclient <HOST>#.+: rate limit drop.*for (.*)
IN.*$
I'd like to be able to get the queried domain into the action as a tag.
Thanks.
/V
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
