Amir, Gary, that is exactly the direction I was pointing to. Today I'll try to implement it.
Thank you all. Cheers, Giulio Il 05/11/2019 20:19, Amir Caspi ha scritto: > On Nov 5, 2019, at 10:04 AM, Gary Gapinski via Fail2ban-users > <[email protected] > <mailto:[email protected]>> wrote: >> >> It /might/ be possible to create a recidive.local filter.d file which >> augments recidive.conf to include an ignoreregex targeting the log >> entries associated with your service-specific filter which you wish to >> exclude from recidive. >> > That is exactly what I would suggest, and IMHO it's rather easily doable. > > The recidive.conf filter includes this failregex: > > failregex = ^(%(__prefix_line)s| > %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$ > > The variable _jailname is set to 'recidive' by default, so what this > failregex does is look for any Ban notifications for jails OTHER than > recidive (this is to avoid an infinite loop). So, you could amend > _jailname to be an or'd grouped list of jails to avoid, like: > > _jailname = (recidive|otherjail) > > Where "otherjail" is the additional jail (or set of jails) you wish to > avoid... or you can explicitly specify the ignoreregex: > > ignoreregex = NOTICE\s+\[otherjail\]\s+Ban\s+ > > Either method should work. > > Cheers. > > --- Amir > -- Giulio Casella giulio at di.unimi.it System and network architect Computer Science Dept. - University of Milano _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
