Reading the manual on fail2ban website, I see the section about required timestamps at the beginning of log lines.
But people posting sample rules around the web for Nginx which has a default log format that starts with the IP address and does not start with a timestamp where the rule captures the HOST anchored to beginning of the line. Like: ^<HOST> .+ "(GET|POST)... Where log line is like 1.2.3.4 - - [09/Jul/2015:13:27:50 +0100] "GET / HTTP/1.1" 200 19344 ... I tried this out and it works fine (my custom filters catch and ban offending requests) without having the timestamp on front of the line and the filter regex actually gobbling up the timestamp! So was there a change in recent fail2ban version about how timestamp is handled? Can please explain? Also website need to be updated? Thanks awesome software!!! ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
