Thanks, i borrowed the pattern from apache-common.conf:
failregex = \[[^]]*\] \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])?
\[client <HOST>(:\d{1,5})?\] davical: Login failure: WARN: Invalid
username or password., referer: .*$
This matches yields the desired matches.
Best Michael
Am 07.03.2017 um 15:54 schrieb Michael H:
> On 07/03/17 14:50, Michael Strobel wrote:
>> Hi,
>>
>> thanks, that was just a typo in the mail:
>
> Worth checking :)
>
>>
>> cat /etc/fail2ban/jail.local
>>
>> yields
>>
>> [davical]
>> enabled = true
>> port = https
>> filter = davical
>> logpath = /var/log/apache2/error.log
>>
>> the logfile states that the davical rules are loaded:
>>
>> fail2ban.jail [19525]: INFO Creating new jail 'davical'
>> fail2ban.jail [19525]: INFO Jail 'davical' uses pyinotify
>> fail2ban.jail [19525]: INFO Initiated 'pyinotify' backend
>> fail2ban.filter [19525]: INFO Added logfile = /var/log/apache2/error.log
>> fail2ban.filter [19525]: INFO Set maxRetry = 3
>> fail2ban.filter [19525]: INFO Set findtime = 600
>> fail2ban.actions[19525]: INFO Set banTime = 600
>> fail2ban.jail [19525]: INFO Jail 'ssh' started
>> fail2ban.jail [19525]: INFO Jail 'apache' started
>> fail2ban.jail [19525]: INFO Jail 'davical' started
>>
>
> Have you taken a look at the davical filter and used fail2ban-regex to
> test it against your logs?
>
> man fail2ban-regex
> fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]
>
>>
>>
>>
>> Am 07.03.2017 um 15:20 schrieb Michael H:
>>> On 07/03/17 14:06, Michael Strobel wrote:
>>>> Hello everyone,
>>>>
>>>> i tried to add a fail2ban rules for davical using this template:
>>>>
>>>> http://www.wenks.ch/fabian/fail2ban/
>>>>
>>>
>>> /etc/fail2ban/jail.local or /etc/fail2ban/jails.local?
>>> /\
>>>
>>>> i added this to jails.local:
>>>> [davical]
>>>> enabled = true
>>>> filter = davical
>>>> port = https
>>>> logpath = /var/log/apache2/error.log
>>>>
>>>> but it does not seem to match my apache log format:
>>>>
>>>> [Tue Mar 07 14:45:59.835147 2017] [:error] [pid 18243] [client
>>>> 192.168.1.10:37854] davical: Login failure: WARN: Invalid username or
>>>> password., referer: https://cal.URL.com/
>>>>
>>>> Could somebody help me out?
>>>>
>>>> Thanks
>>>> Michael
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Announcing the Oxford Dictionaries API! The API offers world-renowned
>>>> dictionary content that is easy and intuitive to access. Sign up for an
>>>> account today to start using our lexical data to power your apps and
>>>> projects. Get started today and enter our developer competition.
>>>> http://sdm.link/oxford
>>>> _______________________________________________
>>>> Fail2ban-users mailing list
>>>> Fail2ban-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Announcing the Oxford Dictionaries API! The API offers world-renowned
>>> dictionary content that is easy and intuitive to access. Sign up for an
>>> account today to start using our lexical data to power your apps and
>>> projects. Get started today and enter our developer competition.
>>> http://sdm.link/oxford
>>> _______________________________________________
>>> Fail2ban-users mailing list
>>> Fail2ban-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>>
>>
>> ------------------------------------------------------------------------------
>> Announcing the Oxford Dictionaries API! The API offers world-renowned
>> dictionary content that is easy and intuitive to access. Sign up for an
>> account today to start using our lexical data to power your apps and
>> projects. Get started today and enter our developer competition.
>> http://sdm.link/oxford
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fail2ban-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>>
>
>
> ------------------------------------------------------------------------------
> Announcing the Oxford Dictionaries API! The API offers world-renowned
> dictionary content that is easy and intuitive to access. Sign up for an
> account today to start using our lexical data to power your apps and
> projects. Get started today and enter our developer competition.
> http://sdm.link/oxford
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Announcing the Oxford Dictionaries API! The API offers world-renowned dictionary content that is easy and intuitive to access. Sign up for an account today to start using our lexical data to power your apps and projects. Get started today and enter our developer competition. http://sdm.link/oxford
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
