Re: [Fail2ban-users] Rearranging the action_mwl output?

Sat, 29 Feb 2020 08:50:41 -0800 

Good Idea.
Here is the actual change I made:

cp /etc/fail2ban/action.d/sendmail-whois-lines.conf 
/etc/fail2ban/action.d/sendmail-whois-lines.conf.backup

vim /etc/fail2ban/action.d/sendmail-whois-lines.conf

Find:
            Here is more information about <ip> :\n
            `/usr/bin/whois <ip> || echo missing whois program`\n\n
            Lines containing failures of <ip>\n";
            %(_grep_logs)s;
            printf %%b "\n

Replace with:

            Lines containing failures of <ip>\n";
            %(_grep_logs)s;
            printf %%b "\n
            Here is more information about <ip> :\n
            `/usr/bin/whois <ip> || echo missing whois program`\n\n



Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com


-------- Original Message --------
*Subject: *  Re: [Fail2ban-users] Rearranging the action_mwl output?
*From: *     Gary Gapinski Via Fail2ban-users 
<fail2ban-users@lists.sourceforge.net>
*To: *         Adam Funk <a24...@ducksburg.com>, Fail2ban-users 
<fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: *      2020-2-24  08:57 AM

On 2/24/20 4:36 AM, Adam Funk wrote:

How can I customize the order of the content of the action_mwl
e-mails?  I'd like to see the matching log lines before the whois
output.
action_mwl is defined at https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf#L220 (your local /etc/fail2ban/jail.conf may vary) and the email is assembled in the action https://github.com/fail2ban/fail2ban/blob/master/config/action.d/sendmail-whois-lines.conf which is typically found at /etc/fail2ban/action.d/sendmail-whois-lines.conf. 

Try moving %(_whois_command)s; after %(_grep_logs)s; in actionban.
Duplicate sendmail-whois-lines.conf and rename (e.g., sendmail-lines-whois.conf) the duplicate, alter the order in actionban, and cite the desired action_mwl definition from jail.conf (both lines, changing the action name) in jail.local. 



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users




_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to