I'm also trying to configure fail2ban, but it is not reading the logs. I'm using Ubuntu 18.04 with Tomcat9, and the Tomcat logs are in /var/log/syslog; there is no catalina.out in /var/log/tomcat9/. Has anybody made it work?
What has changed in the config of fail2ban? Thanks

On Thu, Mar 26, 2020 at 06:34, Chris Lee <[email protected]> wrote:

> Hi Piviul,
>
> Is your jail.local config like this?
>
> [guacamole]
> enabled = true
> port = http,https
> logpath = /var/log/tomcat/catalina.*.log
>
> It seems the Warning messages are logged in /var/log/message instead of
> /var/log/tomcat/catalina.*.log
>
> I am using Fedora 31.
>
> Regards,
> Chris
>
> -----Original Message-----
> From: Piviul <[email protected]>
> Sent: Monday, March 23, 2020 5:16 PM
> To: [email protected]
> Subject: Re: fail2ban plugin for guacamole
>
> Piviul wrote on 21/03/20 at 08:13:
> > On 20/03/20 18:51, Mike Jumper wrote:
> >> [...]
> >> Any idea what pattern/regex the fail2ban plugin is using to match
> >> login failures? It may be that the plugin is out-of-date and no
> >> longer matches the messages logged by the webapp.
> > yes, in effect the log pattern doesn't match. Do you know if guacamole
> > distributes the fail2ban filter for 1.1.0, or do I have to modify the
> > filter myself?
> I have changed the failregex parameter from
>
> failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$
>
> to
>
> failregex = ^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - Authentication attempt from <HOST> for user "[^"]*" failed\.$
>
> in the filter configuration file[¹] and all seems to work as expected.
>
> Best regards
>
> Piviul
>
> [¹] /etc/fail2ban/filter.d/guacamole.conf
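The two failregex values quoted in this thread can be checked offline against sample lines before touching the jail. The sketch below is an added example, not code from the thread or from the fail2ban or Guacamole projects. It assumes a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and every log line in it is constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex values quoted in the thread, copied as they appear there.
OLD = r'^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$'
NEW = (r'^.*WARN o\.a\.g\.r\.auth\.AuthenticationService - '
       r'Authentication attempt from <HOST> for user "[^"]*" failed\.$')

def matched_hosts(failregex, records):
    """Return the address captured from each record the pattern matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, records) if m]

# Constructed sample records (documentation addresses, made-up prefixes).
TAIL = 'Authentication attempt from %s for user "admin" failed.'
LOGGER = "o.a.g.r.auth.AuthenticationService - "
SAMPLE = [
    # 1. Line as it would sit in a dedicated Tomcat log file.
    "06:30:01.123 [exec-1] WARN " + LOGGER + TAIL % "203.0.113.7",
    # 2. Same message behind a syslog prefix, as in /var/log/syslog.
    "Mar 26 06:30:02 host tomcat9[1234]: 06:30:02.456 [exec-2] WARN "
    + LOGGER + TAIL % "198.51.100.9",
    # 3. Two spaces after WARN: whitespace in the pattern is literal.
    "06:30:03.789 [exec-3] WARN  " + LOGGER + TAIL % "192.0.2.44",
    # 4. Old single-line WARNING form, without the preceding header line.
    "WARNING: " + TAIL % "192.0.2.5",
    # 5. Unrelated line that must never match.
    "06:30:04.000 [exec-4] INFO " + LOGGER + "some other message",
]
# The old pattern only matches when header and WARNING lines form one record.
TWO_LINE = "Mar 20, 2020 6:51:00 PM example.Logger log\n" + SAMPLE[3]

if __name__ == "__main__":
    print("new filter:", matched_hosts(NEW, SAMPLE))
    print("old filter:", matched_hosts(OLD, SAMPLE))
    print("old filter, two-line record:", matched_hosts(OLD, [TWO_LINE]))
```

On a host with fail2ban installed, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/guacamole.conf` runs the real filter against the real log, including fail2ban's own `<HOST>` and date handling.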
