From: Hajo Locke <[email protected]> > > to stop bruteforce logins to samba i want to create a fail2ban-rule which >blocks IPs with to many login-errors. > > unfortunately used logins and IPs in samba log are scattered to multiple >lines so i cant find a relation. > > i use samba for wan and cant reduce to internal IPs. > > What ist best in my case to get better logs or stop abusing? > nobody has an idea? is there no possibility to get logs which show which ip > is >doing too much false logins?
Maybe have a script running in the background, parsing samba log file to create and alternative log file with all related info on the same line for fail2ban...? JD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
