I don't think that f2b can deal with such a nasty logging setup. You should find a way to:
- get the ip in the logfile contents, in stead of the in the log file name - get a steady log file name, f.i. samba.log. I haven't used samba in ages, google top hit at http://www.oreilly.com/openbook/samba/book/ch04_08.html seems to indicate that you fix the latter in various ways. Maybe when you tinker with debug level, you can also get an ip address in the error line... so no idea if that is possible, but maybe you get it to log to syslog? On 15-10-16 14:20, Pol Hallen wrote: >> You need to show us some logs from samba that include a failed auth >> attempt. You have lot of them, when you're seeing brute-force attempts ;) > > Hello Tom, thanks for your reply :) > > every PC that try to connect with wrong credentails make on samba server > a log like this: > > [2016/10/15 14:14:38.371368, 2] > ../source3/auth/auth.c:315(auth_check_ntlm_password) > check_ntlm_password: Authentication for user [admin] -> [admin] > FAILED with error NT_STATUS_WRONG_PASSWORD > > fail2ban should be check not only a log file but all files: > > 192.168.34.1.log > 192.168.34.2.log > 192.168.34.3.log > 192.168.34.4.log > [...] > > every log file match with a PC > > thanks for help > > Pol > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
