Hi Tom, As of right now the jails scan similar to "/var/*/log/file" which works great but does not retain much information so I'd have to grep the same for an IP and see what logs it came up with. I just hoped since it was already pulling the logs of these files it could at lease parse the log file it originated from into the fail2ban.log
Fail2ban is great but stops a wee bit short of the immediate imagination of what we could actually do with the system. *-Matt Demaree, CEO* *HTDNET, LLC540-905-8111 x1469 <540-905-8111%20x1469> Office | 540-905-1469 <540-905-1469> Cell | 540-272-8589 <540-272-8589> Fax* *[email protected] <[email protected]> | **[email protected] <[email protected]> | **www.htd.net <https://www.htd.net/>* How are we doing? Feel free to submit a review... Google <https://plus.google.com/+HtdNet20119> | Angies <http://click.mail.angieslistbusinesscenter.com/?qs=029644af371ccb5617493fbb0d66c0b19b8fdbd1ebd50213a3d97fd70404ab55486aabeb996bc8146d8a0af3b12af483> | Yelp <https://www.yelp.com/writeareview/biz/Tex0fROXMdTRrVhGtMjhrg?return_url=%2Fbiz%2FTex0fROXMdTRrVhGtMjhrg> | Yahoo <https://local.yahoo.com/info-63663678-htdnet-llc-catlett#> | Thumbtack <https://tack.bz/2oAxd>| BBB <http://www.bbb.org/richmond/business-reviews/computer-consultant/htdnet-llc-in-catlett-va-63404119/add-review> | Facebook <https://www.facebook.com/HTDNET> | Website <https://www.htd.net/> On Tue, Nov 29, 2016 at 3:31 AM, Tom Hendrikx <[email protected]> wrote: > > On 28-11-16 23:40, Matthew Demaree wrote: > > It's great the log tells me what bans and what is unbanned or what > > IPs were found to violate a jail, but I am really interested in > > knowing which domain the offense was triggered against. > > > > Example: > > > > Currently 2016-11-28 16:52:44,838 filter [jail-example] Found > > 123.45.67.89 > > > > What I want to see: 2016-11-28 16:54:52,886 filter [jail-example] > > Found 123.45.67.89 - example.com <http://example.com> > > > > Hi Matthew, > > I guess you mean 'domain' in the context of a webserver? Your webserver > should then generate separate log files per domain, and you should > create a jail for each logfile. The jailname can refer to the domain you > are monitoring. > > Regards, > Tom > > ------------------------------------------------------------ > ------------------ > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
