> Reading the manual on fail2ban website, I see the section about required > timestamps at the beginning of log lines. > > But people posting sample rules around the web for Nginx which > has a default log format that starts with the IP address and does not start > with a timestamp where the rule captures the HOST anchored to beginning > of the line. > > Like: > > ^<HOST> .+ "(GET|POST)... > > Where log line is like > > 1.2.3.4 - - [09/Jul/2015:13:27:50 +0100] "GET / HTTP/1.1" 200 19344 ... > > I tried this out and it works fine (my custom filters catch and ban offending > requests) without having the timestamp on front of the line and the filter > regex actually gobbling up the timestamp! > > So was there a change in recent fail2ban version about how timestamp is > handled? Can please explain? Also website need to be updated?
Anyone can address this please? Is anything important I sould be aware of? ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
