-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 05-05-15 00:09, Constantin Bugneac wrote:
> Hi All,
>
>
>
> How can I reference a custom parameter (not default ones like
> <HOST> or <ip>) in action file which is taken from filter regex?
>
>
>
> Here is the line in filter file:
>
>
>
> …
>
> failregex = ^%(__line_prefix)s(\.\d+)?( error:)?\s*client
> <HOST>#\S+( \([\S.]+\))?: (view (internal|external): )?query(?:
> \(cache\))? '*(?P<query>\S+)*' denied\s*$
>
> …
>
>
>
> I need to use the value of <query> in action file but it’s not
> substituted when referenced there:
>
>
>
> …
>
> actionban = iptables -I fail2ban-<name> …. -m comment --comment
> "DROP Q *<query>*" -j <blocktype>
>
> …
>
> While debugging I see <query> instead of actual value.
>
>
>
> It does work with <ip> though.
>
> I need to filter by other criteria, not by IP...
>
>
That is not supported by fail2ban. Also, how would iptables filter the
traffic when you're not using the ip in the action? If you want to
separate the bans per query, you'll probably need to define a seperate
jail+filter for each query.
Regards,
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJVR/TwAAoJEJPfMZ19VO/1imsQAJlpDxOvggaHuafOD3pdISYX
8xyBzRkyM2hVlIkz8lm0ZX0TNHPuPOW51tncVbaJR6ock5yk0sJFddM29j/VFemy
X9TGzZoZhnCauw6RIDQFf1OdhFx6JUKrUutIg1OxlnhGeYsZwMJG7GdFHC8WebQZ
5FAk48bIHVH6rRpIHf8k2oJpAmZ8NuEjK2rXbHcotmMncxHa3kJHolnv3hcz89za
Kn+xj9zFkia3rDiyjtm1aij1oda6Jw8jsnLAoHRsu9VIFheRf60WGA9warcrtqIr
AUmuy3z3jmc2gcu7jpIHW6haVvUn/AaJLKA7H5BAZMTUkgs0qHHU5Nt2X+JgOHEj
pnhJ5jTOkM4T6zzQ7IGZiLJNJJh5PQG1l9LWLF+dcUmcKlFbtVdhjz2MpMQksdgU
yACLfDzA/tbdOsXIta0ljbcuZTuf5DNyLVGklvbVNuU1sdz5DB6UjibJvnh0UXpl
dKtmvypZWTWF1HopZCqu6dZTNWZxCM0cmfneJrLRtf09sKJd3Ue8JQZ5ScANddGu
8Bd4dF4QHeRKzjmyX9HDYg7IR3aymghiZGh9KqACTXwXs24FMJ32Q0Kf6WQlVUKS
FA+ysbu2HIHBq1UOlJIkZxe9asqBMW9f1bsFr9/UD+9cuKR29NhDmen0Iz1LDKlX
pojsE1eAdtXBJJ+EmSzG
=8vte
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
