Hi Piviul, Are your jail.local config like this?
[guacamole] enabled = true port = http,https logpath = /var/log/tomcat/catalina.*.log Seem the Warning message are logged on /var/log/message instead of /var/log/tomcat/catalina.*.log I have using Fedora 31. Regards, Chris -----Original Message----- From: Piviul <[email protected]> Sent: Monday, March 23, 2020 5:16 PM To: [email protected] Subject: Re: fail2ban plugin for guacamole Piviul ha scritto il 21/03/20 alle 08:13: > Il 20/03/20 18:51, Mike Jumper ha scritto: >> [...] >> Any idea what pattern/regex the fail2ban plugin is using to match >> login failures? It may be that the plugin is out-of-date and no >> longer matches the messages logged by the webapp. > yes, in effect the log pattern doesn't match. Do you know if guacamole > distribute the fail2ban filter for the 1.1.0 or I have to modify the > filter myself? I have changed the fileregex parameter from > failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user > "[^"]*" failed\.$ to > failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - > Authentication attempt from <HOST> for user "[^"]*" failed\.$ in the filter configuration file[¹] and all seems to work as expected. Best regards Piviul [¹] /etc/fail2ban/filter.d/guacamole.conf --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] This message and its attachment (if any) are strictly confidential and sent to the designated recipient(s) only. If you are not the intended recipient, please notify the sender by e-mail and delete this message and its attachment (if any) from your computer system immediately . Century City International Holdings Limited, Paliburg Holdings Limited, Regal Hotels International Holdings Limited, its respective related subsidiaries, associated companies and affiliates do not guarantee this message and its attachment (if any) are free of computer virus and would not accept any liability whatsoever arising from Internet transmission. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
