> >> Reading the manual on fail2ban website, I see the section about required > >> timestamps at the beginning of log lines. > > URL? The fail2ban wiki is not updated much, afaik.
Main site- main link to product documentation. Should be obvious. To me, the most prominent place new users will go to learn about fail2ban. Go to fail2ban.org click on "Manual (Official Fail2ban documentation)" Page will next have a single link on it that leads here http://www.fail2ban.org/wiki/index.php/MANUAL_0_8 So maybe it is pretty important a link is added for .9 > >> But people posting sample rules around the web for Nginx which > >> has a default log format that starts with the IP address and does not start > >> with a timestamp where the rule captures the HOST anchored to beginning > >> of the line. > >> > >> Like: > >> > >> ^<HOST> .+ "(GET|POST)... > >> > >> Where log line is like > >> > >> 1.2.3.4 - - [09/Jul/2015:13:27:50 +0100] "GET / HTTP/1.1" 200 19344 ... > >> > >> I tried this out and it works fine (my custom filters catch and ban > >> offending > >> requests) without having the timestamp on front of the line and the filter > >> regex actually gobbling up the timestamp! > >> > >> So was there a change in recent fail2ban version about how timestamp is > >> handled? Can please explain? Also website need to be updated? > > Sort of the 'magic' of fail2ban for it to find the timestamp within > the logline :) How the timestamp stuff is handled...not sure it's > been changed fundamentally in a long while. What version do you have, > vs what you are asking about? I have v0.9.1, I can only guess there WAS a fundamental change from .8 to .9, for reasons already explained above (presumably clear to anyone who knew .8 behavior). I was hoping someone who knows about that change can verify and explain it a bit (or show a link to Manual v.9 series). ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
