Have you run?: fail2ban-regex /var/log/mysql.warn /etc/fail2ban/filter.d/mysqld-auth.conf
Bill On 12/29/2015 10:38 AM, Michiel Hazelhof wrote: > Hi All, > > I am running the current default mysqld-auth filter > (https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/mysqld-auth.conf), > and for some reason it is banning ip adresses that do not occur in the > log file and fails to ban ip's that do occur. > > Jail.conf: > [mysqld-iptables] > enabled = true > banaction = iptables-allports > port = 1:65535 > filter = mysqld-auth > logpath = /var/log/mysql.warn > bantime = 604800 > findtime = 86400 > maxretry = 5 > > mysql.warn (not banned, 148 attempts): > 2015-12-29 9:58:48 140359785273088 [Warning] Access denied for user > 'root'@'216.99.157.170' (using password: YES) > > fail2ban.log (banned, but does not occur in mysql.warn): > 2015-12-29 16:32:31,127 fail2ban.actions [8772]: NOTICE > [mysqld-iptables] Ban 155.94.224.210 > > Could anybody help me figure out what is going wrong? > ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
