Re: [Fail2ban-users] Create a Custom Variable in filter file to use in action file pn fail2ban v.8.4

Tue, 06 Feb 2018 13:34:37 -0800 

As far as I know, you can't capture any additional info from the filter.  You 
might
try Simple Event Correlator: https://simple-evcorr.github.io/
I have triggers triggers for when my gateway and VPNs go down or back up.

[0:root@c3po soa]$ rpm -qi sec
Name        : sec
Version     : 2.7.10
Release     : 0.fc24
Architecture: noarch
Install Date: Wed 19 Oct 2016 05:01:14 AM CDT
Group       : System Environment/Daemons
Size        : 590686
License     : GPLv2+
Signature   : RSA/SHA256, Fri 24 Jun 2016 11:58:33 AM CDT, Key ID 
73bde98381b46521
Source RPM  : sec-2.7.10-0.fc24.src.rpm
Build Date  : Fri 24 Jun 2016 10:23:53 AM CDT
Build Host  : arm02-builder06.arm.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://simple-evcorr.sourceforge.net/
Summary     : Simple Event Correlator script to filter log file entries
Description :
SEC is a simple event correlation tool that reads lines from files, named
pipes, or standard input, and matches the lines with regular expressions,
Perl subroutines, and other patterns for recognizing input events.
Events are then correlated according to the rules in configuration files,
producing output events by executing user-specified shell commands, by
writing messages to pipes or files, etc.


Bill


On 2/6/2018 3:52 PM, Ramses wrote:


Hi everybody,

I am using Fail2ban 8.4.

I have created a filter with the following failregex:

failregex = .* Connection with .* \(<HOST> port .*\) activated

The line that appear in the log file is:

2018-02-02 17:27:49 tinc[25152]: Connection with VPN_002 (88.88.88.88 port 
19410) activated

It’s works well but I need know if I can configure a custom variable in the 
filter file to use in the action file later.

By example, I need use what host name was connect 'VPN_002" and pass it to a 
action file.

Regards,

Ramses



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

Reply via email to