Hey Bill,
On Wed, 25 Nov 2015, Bill Shirley wrote:
> Anyone got an idea of how to use the variable 'apacheUser' or 'dport' in this
> filter?
> apache-common.local:
> _apache_access_client =
> (?P<virtualDomain>.+)\s+(?P<hostName>\S+)\[<HOST>\]\s+(?P<dport>\d+)\s+(?P<apacheUser>.+)\s+\[[^]]+\]
You can't. Only <HOST> gets read by fail2ban in filters. Speaking of that,
if you look closely, you'll se that the notation differs:
- "<HOST>" is a fail2ban tag, that gets replaced by fail2ban's own regex,
- "(?P<variable>...)" is a regex notation.
> Seems like it should be accessible in either jail.local or some action (or
> both).
You can only pass parameters from jail.{conf,local} to actions.
Y.
> I've searched the internet but not found any examples.
>
> Bill
> PS. I have a non-standard apache access_log.
>
>
> On 11/23/2015 10:14 AM, Y. wrote:
>> Only 2 or 3 tags actually come from fail2ban: <ip> and <time> in the
>> context of ban/unban actions, and <host> in the context of filters, if I
>> remember correctly.
>>
>> All other tags are user-defined. You can pass parameters when calling an
>> action, between square brackets, and you can read these parameters inside
>> the ban/unban actions: these are all the other tags that you saw.
>>
>> Cheers,
>>
>> Y.
>>
>> On Mon, 23 Nov 2015, Simon Fromme wrote:
>>
>>> Date: Mon, 23 Nov 2015 15:42:24
>>> From: Simon Fromme <[email protected]>
>>> To: [email protected]
>>> Subject: [Fail2ban-users] available tags in actions
>>>
>>> Hello,
>>>
>>> being new to fail2ban I have problems understanding the tag-system. I
>>> was defining a custom action "actions.d/foo.conf" (getting called in the
>>> [recidive] section in "jail.conf") and I am now wondering which tags I
>>> can use within actionban = ...
>>>
>>> I have not found any documentation on this so I was wondering if there
>>> is some summary of tags I can use? As it seems to me there are tags that
>>> are globally available, some that get defined within the [Init] section
>>> of an action and some that I can pass directly to the action from within
>>> jail.conf. Maybe via some other way as well?
>>>
>>> I would be thankful for some information on the mechanism by which tags
>>> are being made available to the actions within actions.d and for a list
>>> of global tags I can use there.
>>>
>>> In the predefined actions I have encountered: <ip>, <name>, <blocktype>,
>>> <chain>, <port>, <protocol>, etc. but I am sure this list is far from
>>> exclusive.
>>>
>>> Thanks a lot for your help!
>>> Simon Fromme
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
