On Nov 5, 2019, at 10:04 AM, Gary Gapinski via Fail2ban-users 
<[email protected]> wrote:
> It might be possible to create a recidive.local filter.d file which augments 
> recidive.conf to include an ignoreregex targeting the log entries associated 
> with your service-specific filter which you wish to exclude from recidive.
> 

That is exactly what I would suggest, and IMHO it's rather easily doable.

The recidive.conf filter includes this failregex:

failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$

The variable _jailname is set to 'recidive' by default, so what this failregex 
does is look for any Ban notifications for jails OTHER than recidive (this is 
to avoid an infinite loop).  So, you could amend _jailname to be an or'd 
grouped list of jails to avoid, like:

_jailname = (recidive|otherjail)

Where "otherjail" is the additional jail (or set of jails) you wish to avoid... 
or you can explicitly specify the ignoreregex:

ignoreregex = NOTICE\s+\[otherjail\]\s+Ban\s+

Either method should work.

Cheers.

--- Amir
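
Added example (not part of the original message and not fail2ban's own code): a Python check of both suggestions above against constructed log lines. The stand-ins for __prefix_line, _daemon, __pid_re and <HOST> are simplified assumptions rather than fail2ban's real definitions, and the sample lines are written without a timestamp.

```python
import re

# failregex and ignoreregex as quoted in the message above.
FAILREGEX = (r"^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+"
             r"\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$")
IGNOREREGEX = r"NOTICE\s+\[otherjail\]\s+Ban\s+"

# Assumed, simplified stand-ins for variables defined elsewhere in fail2ban.
STANDINS = {
    "__prefix_line": r"\S+\s+fail2ban(?:\[\d+\])?:\s+",
    "_daemon": r"fail2ban\.actions\s*",
    "__pid_re": r"(?:\[\d+\])",
}
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # IPv4 only, for illustration

# Constructed fail2ban.log entries (documentation addresses, made-up jails).
SAMPLE = [
    " fail2ban.actions        [1234]: NOTICE  [sshd] Ban 192.0.2.10",
    " fail2ban.actions        [1234]: NOTICE  [otherjail] Ban 192.0.2.20",
    " fail2ban.actions        [1234]: NOTICE  [recidive] Ban 192.0.2.30",
    " fail2ban.actions        [1234]: NOTICE  [otherjail2] Ban 192.0.2.40",
    " fail2ban.actions        [1234]: NOTICE  [sshd] Unban 192.0.2.10",
]

def compile_failregex(jailname):
    """Interpolate the stand-ins and the chosen _jailname value."""
    pattern = FAILREGEX.replace("<HOST>", HOST)
    return re.compile(pattern % dict(STANDINS, _jailname=jailname))

def recidive_hits(lines, jailname="recidive", ignoreregex=None):
    """Return the hosts recidive would count as failures."""
    fail = compile_failregex(jailname)
    ignore = re.compile(ignoreregex) if ignoreregex else None
    hits = []
    for line in lines:
        if ignore and ignore.search(line):
            continue  # an ignoreregex match suppresses the line
        m = fail.search(line)
        if m:
            hits.append(m.group("host"))
    return hits

if __name__ == "__main__":
    print("default        :", recidive_hits(SAMPLE))
    print("_jailname group:", recidive_hits(SAMPLE, "(recidive|otherjail)"))
    print("ignoreregex    :", recidive_hits(SAMPLE, ignoreregex=IGNOREREGEX))
```

Because the lookahead ends in `\]` and the ignoreregex brackets the name, a jail called otherjail2 is still counted in both variants; only the exact jail name is excluded.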
