I'm running fail2ban-0.8.14-1.el6 on CentOS 6.6.
Hi, can some clever bod please help me debug a custom filter?
The application is red5 media server and what I need is quite
straightforward, but I can't get past some errors.
There's only one expression in the log file I want to watch for and that's this:
"x-event:publish c-ip:xxx.xxx.xxx.xxx"
This expression occurs only once in this typical log line:
~2015-05-17 13:31:22,096 [RTMPExecutor#U1UJYZQL0ISMR-1] INFO
o.r.s.adapter.ApplicationAdapter - W3C x-category:stream
x-event:publish
c-ip:xxx.xxx.xxx.xxx-sname:44c13ddb-de6e-4e84-90a2-5cab442b573d
x-name:livestream1~
In jail.local I've added this entry:
[red5]
enabled = true
filter = red5
action = iptables[name=red5, port=1935, protocol=tcp]
logpath = /path/to/red5.log
maxretry = 1
ignoreip = 123.456.789.10
I've created a red5.conf file that contains this:
---------------------
[INCLUDES]
before =
[Definition]
_daemon = red5
failregex = ^%(__prefix_line)s x-event:publish c-ip:<HOST>*$
ignoreregex =
---------------------
However, fail2ban won't start and throws errors. I know I must have a
wrong syntax somewhere in the failregex but I don't know where. I've
tried several syntaxes but fail2ban still won't start and gives this
error:
# /etc/init.d/fail2ban start
Starting fail2ban: ERROR Failed during configuration: Bad value substitution:
section: [Definition]
option : failregex
key : __prefix_line
rawval : x-event:publish c-ip:<HOST>$:
Thanks for any help.
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
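Added example, not part of the original post and not fail2ban's own code: a Python sketch that reproduces the "Bad value substitution" error with the standard-library configparser and then checks a failregex that uses no `%(...)s` variable against the posted log line. Assumptions: the function names, the 192.0.2.10 address in place of the masked IP, the `x-sname` field spelling, and an IPv4-only pattern standing in for `<HOST>`.

```python
import configparser
import re

# The filter as posted. Stock filters get __prefix_line from common.conf via
# "before = common.conf"; here "before =" is empty, so the key is never defined.
POSTED = r"""
[INCLUDES]
before =
[Definition]
_daemon = red5
failregex = ^%(__prefix_line)s x-event:publish c-ip:<HOST>*$
ignoreregex =
"""

# Hypothetical alternative: no %(...)s variable, unanchored, <HOST> not repeated.
STANDALONE = r"""
[Definition]
failregex = x-event:publish\s+c-ip:<HOST>
ignoreregex =
"""

# Constructed sample: the posted log line joined onto one line.
SAMPLE_LINE = (
    "2015-05-17 13:31:22,096 [RTMPExecutor#U1UJYZQL0ISMR-1] INFO "
    "o.r.s.adapter.ApplicationAdapter - W3C x-category:stream x-event:publish "
    "c-ip:192.0.2.10 x-sname:44c13ddb-de6e-4e84-90a2-5cab442b573d x-name:livestream1"
)

HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # assumption: IPv4-only <HOST>

def load_failregex(conf_text):
    """Read failregex with %(name)s interpolation, as an INI parser does."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    return parser.get("Definition", "failregex")

def undefined_key(conf_text):
    """Return the interpolation key that cannot be resolved, or None."""
    try:
        load_failregex(conf_text)
    except configparser.InterpolationMissingOptionError as exc:
        return exc.reference
    return None

def banned_host(failregex, line):
    """Return the address the expression captures from a log line, or None."""
    match = re.search(failregex.replace("<HOST>", HOST_RE), line)
    return match.group("host") if match else None

if __name__ == "__main__":
    print("unresolved key in posted filter:", undefined_key(POSTED))
    print("host captured:", banned_host(load_failregex(STANDALONE), SAMPLE_LINE))
```

On the server itself, `fail2ban-regex /path/to/red5.log /etc/fail2ban/filter.d/red5.conf` tests the real filter file against the real log with fail2ban's own parser.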