I don't think that f2b can deal with such a nasty logging setup. You
should find a way to:

- get the ip in the logfile contents, in stead of the in the log file name
- get a steady log file name, f.i. samba.log.

I haven't used samba in ages, google top hit at
http://www.oreilly.com/openbook/samba/book/ch04_08.html seems to
indicate that you fix the latter in various ways. Maybe when you tinker
with debug level, you can also get an ip address in the error line...

so no idea if that is possible, but maybe you get it to log to syslog?

On 15-10-16 14:20, Pol Hallen wrote:
>> You need to show us some logs from samba that include a failed auth
>> attempt. You have lot of them, when you're seeing brute-force attempts ;)
> 
> Hello Tom, thanks for your reply :)
> 
> every PC that try to connect with wrong credentails make on samba server 
> a log like this:
> 
> [2016/10/15 14:14:38.371368,  2] 
> ../source3/auth/auth.c:315(auth_check_ntlm_password)
>    check_ntlm_password:  Authentication for user [admin] -> [admin] 
> FAILED with error NT_STATUS_WRONG_PASSWORD
> 
> fail2ban should be check not only a log file but all files:
> 
> 192.168.34.1.log
> 192.168.34.2.log
> 192.168.34.3.log
> 192.168.34.4.log
> [...]
> 
> every log file match with a PC
> 
> thanks for help
> 
> Pol
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most 
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> 


Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to