On 06-03-18 08:59, Sophie Loewenthal wrote:
> Morning, 
> 
> My logging from and postfix dovecot is in this format:
> 
> Mar  6 07:49:45 mx dovecot: imap-login: Login: sop...@example.com>, 
> method=PLAIN, rip=94.19.2.3, lip=1.31.1.3, mpid=10655, TLS, TLSv1.2 with 
> cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
> 
> Mar  6 07:55:36 mx postfix/smtpd[10793]: Anonymous TLS connection established 
> from unknown[94.19.2.3]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 
> (256/256 bits)
> 
> How can I adapt the filter to pick this up? I don’t think the regex in  
> filter.d/postfix.conf|dovecot.conf will pick these changed lines up because 
> they have the ciphers included, will they?

Lines that are not understood/matched by fail2ban are ignored.

I don't think these lines signify anything that fail2ban should act on,
but please explain what you would like fail2ban to do, based on those
log lines?

> 
> Best wishes,
> 
> Sophie 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to