So I can run fail2ban-regex and get matches.

[root@xspdm2 ~]# fail2ban-regex /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06 /etc/fail2ban/filter.d/apache-Mac.conf

Running tests
=============

Use   failregex filter file : apache-Mac, basedir: /etc/fail2ban
Use         log file : /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06
Use         encoding : UTF-8


Results
=======

Failregex: 57041 total
|-  #) [# of hits] regular expression
|   1) [57041] ^<HOST>.*"GET.*HTTP/1.1" [401|404]{3}
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [57071] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 57071 lines, 0 ignored, 57041 matched, 30 missed
[processed in 7.20 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 30 lines

Yet when I run fail2ban using jail.local and using the filter
apache-Mac.conf it does not get any matches.

filter.d
:24 apache-Mac.conf
[email protected]$ cat apache-Mac.conf
#Fail2Ban apache-404 filter
#
# Author: Chet Curry
#
#
[Definition]
#Notes.:regex to match the Host IP and ("Get and <mac address>.cfg HTTP/1.1" and 401 or 404)
# example
#   HOST                                        "GET           <mac address>.cfg HTTP/1.1" 401 or 404
# 85.17.172.70 - - [03/Apr/2018:07:25:09 -0400] "GET /dms/bw/host/bwas/Polycom_VVX500/0004f2050605.cfg HTTP/1.1" 404 952 0 1343
#failregex = ^<HOST>.*"GET.*([0-9a-fA-F]{2}){6}.cfg HTTP/1.1" [401|404]{3}

cat /etc/fail2ban/jail.d/jail.local
[apache-Mac]
enabled = true
port = http,https
filter = apache-Mac
logpath = /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06
maxretry = 50
findtime = 60
bantime = 604800

fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:   apache-Mac
[root@xspdm2 ~]# fail2ban-client status apache-Mac
Status for the jail: apache-Mac
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/broadworks/logs/apache/access_log.2019-08-29-19_12_06
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

Any ideas?
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
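
An added example, not part of the original post or of fail2ban: it runs the failregex from the apache-Mac.conf comment over sample access-log lines to show which status codes `[401|404]{3}` accepts compared with a grouped alternation. The IPv4-only `HOST` pattern standing in for fail2ban's `<HOST>` tag, the `ALTERNATION` variant, and every log line except the first are assumptions constructed for this illustration.

```python
import re

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag, which the real
# filter engine expands into a much broader host/address pattern.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Status part as written in apache-Mac.conf: [401|404] is a character class
# holding '4', '0', '1' and '|', so {3} accepts any three of those characters.
AS_WRITTEN = r'^<HOST>.*"GET.*([0-9a-fA-F]{2}){6}.cfg HTTP/1.1" [401|404]{3}'
# Hypothetical variant: status as a grouped alternation, dots made literal.
ALTERNATION = r'^<HOST>.*"GET.*([0-9a-fA-F]{2}){6}\.cfg HTTP/1\.1" (?:401|404) '

PATH = "/dms/bw/host/bwas/Polycom_VVX500/"


def constructed_line(ip, status):
    """Build a constructed access-log line in the same layout as the post's sample."""
    return (f'{ip} - - [03/Apr/2018:07:25:10 -0400] '
            f'"GET {PATH}0004f2aabbcc.cfg HTTP/1.1" {status} 952 0 1343')


SAMPLE_LINES = [
    # The sample line quoted in the filter's own comment.
    '85.17.172.70 - - [03/Apr/2018:07:25:09 -0400] "GET ' + PATH
    + '0004f2050605.cfg HTTP/1.1" 404 952 0 1343',
    # Constructed lines (documentation address range), one per status code.
    constructed_line("192.0.2.1", 401),
    constructed_line("192.0.2.2", 400),
    constructed_line("192.0.2.3", 410),
    constructed_line("192.0.2.4", 403),
    constructed_line("192.0.2.5", 200),
]


def matched_hosts(failregex, lines):
    """Return the host captured from every line the expression matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    for name, rx in (("as written", AS_WRITTEN), ("alternation", ALTERNATION)):
        print(f"{name:12s} -> {matched_hosts(rx, SAMPLE_LINES)}")
```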
