There are probably quite a few things you could do.
You could change the action for the single jail and instead of it doing
a "-j DROP" (assuming iptables), you could do a "-j LOG" then perhaps
add a log message. Check "man iptables".
Alternatively you could change the action away from iptables, perhaps to
something like "logger -t your_message" and your message could pick up
the jail name and host name passed to it by iptables.
As soon as you do a specific jail action and move away from a firewall
action, you can script what you want.
Nick
On 2017-10-09 07:59, Dominic Raferd wrote:
Is it possible to modify a setting for a fail2ban jail such that it
takes no real action but still logs what it would have done?
Use case: I have two jails which are reacting to the same underlying
event - a failed smtp auth login - sometimes one triggers and
sometimes the other. I want to see if I stop using one, the other
picks up all the events or whether it misses some.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
