Hello everybody, Thank you for the replies so far, much appreciated.
I managed to install fail2ban on the older CentOS server and created my own filter, action and failregex and did the following trick: cp /etc/fail2ban/action.d/iptables-multiport.conf /etc/fail2ban/action.d/iptables-apache1-multiport.conf find='iptables -' replace='ssh root@hostname -C /sbin/iptables -' sed -i -e "s,$find,$replace,g" /etc/fail2ban/action.d/iptables-apache-multiport.conf So it runs fail2ban on the server with the logs but does the bans on an other iptable server, it seems to be working as needed. If this is not an good implementation or can be improved let me know please. Better ways to have done this failregex are welcome as well: failregex = ^.*WebApplication.registerFailedLoginAttempt: (Login failed|Invalid Web User),IP\=<HOST> 2016-06-09 16:33:11.018 WebApplication.registerFailedLoginAttempt: Invalid Web User,IP=192.168.203.214,WebLogin=,context= [64] Kind regards, Jelle de Jong On 09/06/16 13:18, Jelle de Jong wrote: > Before I start making customs scripts with inotifiy-tools, rscync etc > that probably slow down the system.. > > I got an centos 5 tomcat server that contains a logfile with log-in > attempts that need to be checked. There is a proxy server before this > that contains fail2ban and iptables. > > How can I make the logpath option use the logfile on the other server? > > If this is not possible what would be a recommended way to synchronise > the logfile so fail2ban can use it? Examples please.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
