It's auto-generated by the complain action.
My servers typically have multiple IP addresses assigned to them. I could just include something like, "Here are the list of IPs that *COULD* have received the attack: 1.2.3.4, 5.6.7.8, a.b.c.d, etc." but I doubt that would go over well. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Fabio Martins" <[email protected]> To: "Mike Hammett" <[email protected]> Cc: [email protected] Sent: Thursday, April 30, 2020 9:09:06 AM Subject: Re: [Fail2ban-users] Log Modifications To Include Destination IP If the IP address of your server is static, you can hardcode it in the report. But if the IP address of your server is dynamic, like PPPoE, a script can obtain it while generating the report. How is your abuse report being generated? Regards -- Fabio Martins > Tangential to Fail2Ban's core function, but does anyone know if there's a > method to modify the logging behavior of sshd, apache, various mail > servers to include which IP address they received the request on? > > > I have abuse reports being rejected because I don't know which IP on my > server was attacked. The other networks much be running CGNAT or other > address-sharing methods and apparently need their hand held. > > > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
