On 05/17/2015 02:23 PM, Harrison Johnson wrote:
> Try the line in the filter like this:
> x-event:publish c-ip:<HOST>

Agreed, it should not have the `*', but see below pertaining to your
specific error message.

>
> On Sun, 2015-05-17 at 15:01 +0100, Anthony Griffiths wrote:
>> I'm running fail2ban-0.8.14-1.el6. on centos 6.6
>>
>> hi can some clever bod please help me debug a custom filter?
>> the application is red5 media server and what I need is quite
>> straightforward but I can't get past some errors.
>> There's only one expression in the log file I want to watch for and that's
>> this:
>> "x-event:publish c-ip:xxx.xxx.xxx.xxx"
>> this expression occurs only once in this typical log line:
>> ~2015-05-17 13:31:22,096 [RTMPExecutor#U1UJYZQL0ISMR-1] INFO
>> o.r.s.adapter.ApplicationAdapter - W3C x-category:stream
>> x-event:publish
>> c-ip:xxx.xxx.xxx.xxx-sname:44c13ddb-de6e-4e84-90a2-5cab442b573d
>> x-name:livestream1~
>>
>> In jail.local I've added this entry:
>>
>> [red5]
>>
>> enabled = true
>> filter = red5
>> action = iptables[name=red5, port=1935, protocol=tcp]
>> logpath = /path/to/red5.log
>> maxretry = 1
>> ignoreip = 123.456.789.10
>>
>> I've created a red5.conf file that contains this:
>>
>> ---------------------
>> [INCLUDES]
>>
>> before =
>>
>> [Definition]
>>
>> _daemon = red5
>>
>> failregex = ^%(__prefix_line)s x-event:publish c-ip:<HOST>*$
>>
>> ignoreregex =
>> ---------------------
>>
>> however fail2ban won't start and throws errors, I know I must have a
>> wrong syntax somewhere in the failregex but I don't know where, I've
>> tried several syntaxes but fail2ban still won't start and gives this
>> error:
>>
>> # /etc/init.d/fail2ban start
>> Starting fail2ban: ERROR Failed during configuration: Bad value
>> substitution:
>> section: [Definition]
>> option : failregex
>> key : __prefix_line
>> rawval : x-event:publish c-ip:<HOST>$:

Include common.conf in your filter's config so it knows what
__prefix_line is.

[INCLUDES]
before = common.conf

>>
>> Thanks for any help.
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
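
Added example, not part of the original thread and not fail2ban's own code: it reproduces the "Bad value substitution" error with Python's configparser, shows that defining __prefix_line first resolves it, and then checks the candidate failregex lines against a log line. Assumptions: COMMON_STANDIN is a constructed placeholder for common.conf, HOST_RE approximates what fail2ban 0.8.x substitutes for <HOST>, and the log line is constructed from the one in the post with a documentation IP and a space before x-sname.

```python
import configparser
import re

# Poster's filter with the trailing `*` dropped, as advised in the thread.
FILTER = """[Definition]
_daemon = red5
failregex = ^%(__prefix_line)s x-event:publish c-ip:<HOST>$
"""
# Constructed, deliberately permissive stand-in for common.conf; the real
# file defines __prefix_line with a longer expression.
COMMON_STANDIN = "[Definition]\n__prefix_line = .*\n"

# Assumption: approximates the pattern fail2ban 0.8.x puts in place of <HOST>.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Constructed log line modelled on the one in the post (documentation IP,
# fields assumed to be separated by single spaces).
LINE = ("2015-05-17 13:31:22,096 [RTMPExecutor#U1UJYZQL0ISMR-1] INFO "
        "o.r.s.adapter.ApplicationAdapter - W3C x-category:stream "
        "x-event:publish c-ip:203.0.113.45 "
        "x-sname:44c13ddb-de6e-4e84-90a2-5cab442b573d x-name:livestream1")


def resolve_failregex(filter_text, before_text=None):
    """Return the interpolated failregex; `before_text` plays the role of
    the file named in `[INCLUDES] before =` and is read first."""
    parser = configparser.ConfigParser()
    if before_text:
        parser.read_string(before_text)
    parser.read_string(filter_text)
    return parser.get("Definition", "failregex")


def find_host(failregex, line):
    """Return the captured host if the failregex matches the line, else None."""
    match = re.search(failregex.replace("<HOST>", HOST_RE), line)
    return match.group("host") if match else None


if __name__ == "__main__":
    try:
        resolve_failregex(FILTER)
    except configparser.InterpolationMissingOptionError as err:
        print("unresolved key:", err.reference)
    resolved = resolve_failregex(FILTER, COMMON_STANDIN)
    print("resolved:", resolved)
    # Text follows the IP in the log line, so the `$`-anchored form finds nothing.
    print("anchored:", find_host(resolved, LINE))
    print("unanchored:", find_host("x-event:publish c-ip:<HOST>", LINE))
```

On a real installation, fail2ban-regex run against the log file and the filter file gives the authoritative answer, since it applies fail2ban's own date stripping and <HOST> handling.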
