Please keep discussion on the list and please don't top post. On 02/15/2015 06:58 AM, Davide Perini wrote: > Ok, removing fail2ban-systemd and setting the backend to auto worked ok. > THANKS! > Can you explain me in a simple way why it worked? > Why new things does not work as expected?
The problem is that the httpd log message do not make it into the journal, so there is nothing to match. I think we need a way to indicate this in fail2ban. This is https://github.com/fail2ban/fail2ban/issues/959 This next question I'll leave to the list. > > Another question if I can. > Where can I set the date format that fail2ban must recognize? > > I have a jail like this for phpMyAdmin: > failregex = <HOST> -.*"GET \/phpmyadmin\/ HTTP.*" 401 > > > and my log is written like this: > #cat /var/log/httpd/ssl_access_log > 151.64.44.217 - acme [15/Feb/2015:14:51:32 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:33 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:35 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:37 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:38 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:40 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:41 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:43 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > 151.64.44.217 - acme [15/Feb/2015:14:51:45 +0100] "GET /phpmyadmin/ > HTTP/1.1" 401 4577 > > This jail should ban but it doesn't ban, I think that the reason why it > does not ban is because it doesn't recognize the date, am I wrong? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane [email protected] Boulder, CO 80301 http://www.cora.nwra.com ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
