This is more of a job for Simple Event Correlator (SEC):
https://simple-evcorr.github.io/

Bill

On 5/16/2016 11:09 AM, Marcin Mirosław wrote:
> Hi!
> I'd like to use Fail2ban in a slightly different scenario than blocking
> IPs. I'm trying to set up Fail2ban to monitor the rbldnsd log to detect
> the appearance of a predefined string (this is a private uribl server) and
> send an email to me with information if such a string appears.
>
> examples of log:
> 1462867150 8.8.8.8 somedomain.uribl A IN: NXDOMAIN/0/95
>
>
> 1455794291 8.8.8.8 otherdomain.uribl A IN: NXDOMAIN/0/88
>
>
> 1455794291 8.8.8.8 anotherdomain.pl A IN: NXDOMAIN/0/92
>
> I'd like to get a notification with the line which matches the failregex, to
> know that "otherdomain.uribl" appeared in the log. I'm using this regexp:
> .*\s<HOST>\s%otherdomain\.uribls\sA\sIN:\sNXDOMAIN/\d/\d\d$
> Maybe I should change the regexp to match <HOST> in the place where
> "otherdomain.uribl" appears? But how do I define both my own regexp and
> <HOST> to match the same string?
> Fail2ban-0.9.3
>
> Thanks for any advice.
>
> Marcin
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
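
Added example (not part of either message above, and not Fail2ban or SEC code): a small Python sketch of the detection asked about in the question, which parses the quoted rbldnsd lines and reports queries for a watched name. The field names, the `WATCHED` set and the last two sample lines are assumptions constructed for illustration; delivery of the alert text by mail is left out.

```python
import re
from datetime import datetime, timezone

# Field names are this example's reading of the sample lines in the question.
LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)\s+"
    r"(?P<qclass>\S+):\s+(?P<rcode>[A-Z]+)/(?P<n1>\d+)/(?P<n2>\d+)$"
)

# Names to alert on (hypothetical watch list, using the name from the question).
WATCHED = {"otherdomain.uribl"}

# The three lines quoted in the question, plus two constructed lines:
# a mixed-case query from a documentation address and a malformed line.
SAMPLE_LOG = """\
1462867150 8.8.8.8 somedomain.uribl A IN: NXDOMAIN/0/95
1455794291 8.8.8.8 otherdomain.uribl A IN: NXDOMAIN/0/88
1455794291 8.8.8.8 anotherdomain.pl A IN: NXDOMAIN/0/92
1455794300 192.0.2.10 OtherDomain.URIBL A IN: NXDOMAIN/0/88
truncated line without fields
"""

def normalize(qname):
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return qname.rstrip(".").lower()

def find_hits(lines, watched=WATCHED):
    """Return one dict per log line whose query name is on the watch list."""
    wanted = {normalize(w) for w in watched}
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # malformed or unrelated line: skip, do not alert
        qname = normalize(m.group("qname"))
        if qname in wanted:
            hits.append({"ts": int(m.group("ts")), "client": m.group("client"),
                         "qname": qname, "rcode": m.group("rcode"),
                         "line": raw.strip()})
    return hits

def format_alert(hit):
    """Build the notification text, keeping the original log line intact."""
    when = datetime.fromtimestamp(hit["ts"], tz=timezone.utc).isoformat()
    return f"{when} {hit['qname']} queried by {hit['client']}: {hit['line']}"

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG.splitlines()):
        print(format_alert(hit))
```

Matching on the parsed query-name field, rather than on a pattern anchored around the client address, keeps a partial or look-alike name from triggering a notification.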

