Thanks to Halchenko and others for replying to my initial message. I think I have enough understanding of fail2ban to make it useful for the included features.
However, now I want to write custom filter and action. I think I understand that the regex filter has a placeholder for <HOST>, and that field is then available in the action as <ip>. This is correct? Now, what if I want to extract other fields out of the log message in filter? Or multiple fields? For example, let's say I have some log message like: INFO : [date] mesg_type=new_object, path=/home/user1/test.txt, remote_ip=10.0.1.2 I want the value "/home/user1/text.txt" to be passed to the action along with <HOST>/<ip>. Can I do this? If so, how? Thanks Bond ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
