El 6 de febrero de 2018 22:32:50 CET, Bill Shirley <[email protected]> escribió: >As far as I know, you can't capture any additional info from the >filter. You might >try Simple Event Correlator: https://simple-evcorr.github.io/ >I have triggers triggers for when my gateway and VPNs go down or back >up. > >[0:root@c3po soa]$ rpm -qi sec >Name : sec >Version : 2.7.10 >Release : 0.fc24 >Architecture: noarch >Install Date: Wed 19 Oct 2016 05:01:14 AM CDT >Group : System Environment/Daemons >Size : 590686 >License : GPLv2+ >Signature : RSA/SHA256, Fri 24 Jun 2016 11:58:33 AM CDT, Key ID >73bde98381b46521 >Source RPM : sec-2.7.10-0.fc24.src.rpm >Build Date : Fri 24 Jun 2016 10:23:53 AM CDT >Build Host : arm02-builder06.arm.fedoraproject.org >Relocations : (not relocatable) >Packager : Fedora Project >Vendor : Fedora Project >URL : http://simple-evcorr.sourceforge.net/ >Summary : Simple Event Correlator script to filter log file entries >Description : >SEC is a simple event correlation tool that reads lines from files, >named >pipes, or standard input, and matches the lines with regular >expressions, >Perl subroutines, and other patterns for recognizing input events. >Events are then correlated according to the rules in configuration >files, >producing output events by executing user-specified shell commands, by >writing messages to pipes or files, etc. > > >Bill > > >On 2/6/2018 3:52 PM, Ramses wrote: >> >> Hi everybody, >> >> I am using Fail2ban 8.4. >> >> I have created a filter with the following failregex: >> >> failregex = .* Connection with .* \(<HOST> port .*\) activated >> >> The line that appear in the log file is: >> >> 2018-02-02 17:27:49 tinc[25152]: Connection with VPN_002 (88.88.88.88 >port 19410) activated >> >> It’s works well but I need know if I can configure a custom variable >in the filter file to use in the action file later. >> >> By example, I need use what host name was connect 'VPN_002" and pass >it to a action file. >> >> Regards, >> >> Ramses >> >> >> >> >------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> >> _______________________________________________ >> Fail2ban-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Really? I can't create a Custom TAG in filter file to use in action file, by example, in "sendmail-whois.conf"? The line that appear in the log file is: 2018-02-02 17:27:49 tinc[25152]: Connection with VPN_002 (88.88.88.88 port 19410) activated The 'failregex' is actually: failregex = .* Connection with .* \(<HOST> port .*\) activated With this, I can send the Host IP (<HOST> Tag) that in the 'sendmail-whois.conf' is the Tag (<ip>). But now I need change the 'failregex' to something how: failregex = .* Connection with <VPN_NAME> .* \(<HOST> port .*\) activated To use '<VPN_NAME>' and <HOST> in the "sendmail-whois" file. Really that I can't do this? Regards, Ramses ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
