On Fri, 04 Sep 2015, Bond Masuda wrote: > Thanks to Halchenko and others for replying to my initial message. I > think I have enough understanding of fail2ban to make it useful for the > included features.
> However, now I want to write custom filter and action. I think I > understand that the regex filter has a placeholder for <HOST>, and that > field is then available in the action as <ip>. This is correct? correct > Now, what if I want to extract other fields out of the log message in > filter? Or multiple fields? For example, let's say I have some log > message like: > INFO : [date] mesg_type=new_object, path=/home/user1/test.txt, > remote_ip=10.0.1.2 > I want the value "/home/user1/text.txt" to be passed to the action along > with <HOST>/<ip>. Can I do this? If so, how? unfortunately not yet... at least not yet easily see https://github.com/fail2ban/fail2ban/issues/67 which is related you have though <matches> so theoretically you can craft your action to extract needed info from them -- Yaroslav O. Halchenko Center for Open Neuroscience http://centerforopenneuroscience.org Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
