[email protected] wrote:
> but I want on action beside the ban ip, to send also corresponding log line
I've made something that looks alike.
However, all bans are recorded in /var/lib/fail2ban/fail2ban.sqlite3
Try sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans;"
The timestamp is in field timeofban as the usual Unix date.
IIRC <time> could be used in action etc., but is seconds since January 1st 1970.
Regards Peter
PS: sorry, sent twice, From: didn't match the mailing list filter
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#
[Definition]
# bypass ban/unban for restored tickets
norestored = 1
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = /bin/true
# printf %%b "Hi,\n
# The jail <name> has been started successfully.\n
# Regards,\n
# Fail2Ban"|mail -s "[Fail2Ban] <name>: started on `uname -n`" <dest>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = /bin/true
# printf %%b "Hi,\n
# The jail <name> has been stopped.\n
# Regards,\n
# Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on `uname -n`" <dest>
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = tail -n 20 /var/log/httpd/access_log >/var/tmp/f2b-INFO-mail-$$.txt
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = grep -h "<ip>" /var/tmp/f2b-INFO-mail-*.txt >/var/tmp/f2b-INFO-grep-$$.txt; printf %%b "Hi,\n
            The IP <ip> has just been recognized by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban\n\n" |cat "-" /var/tmp/f2b-INFO-grep-*.txt |mail -s "[Fail2Ban] <name>: recognized from <ip> to `uname -n` at <time>" <dest> ; rm -f /var/tmp/f2b-INFO-grep-*.txt ; rm -f /var/tmp/f2b-INFO-mail-*.txt
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =
[Init]
# Default name of the chain
#
name = default
# Destination/Addressee of the mail
#
dest = root
[INFO-apache]
maxretry = 1
enabled = true
findtime = 2
bantime = 600
banaction = INFO-mail
logpath = %(apache_access_log)s
# Fail2Ban configuration file
#
# Regexp to catch access to apache we wont know about.
[Definition]
observecustom = /bnd/nov_xx.log.tar.gz
observe = robots.txt
failregex = ^<HOST> -.*"(GET|POST|HEAD).*(?:%(observe)s|%(observecustom)s).*HTTP/1[.][01]".*$
            ^\[\] \[\S+:\d+\] \[client <HOST>(:\d{1,5})?\].*"(GET|POST|HEAD).*(?:%(observe)s|%(observecustom)s).+HTTP/1[.][01]" \d+ \d+ ".*" ".*"$
ignoreregex =
datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}
# DEV Notes:
# List of bad bots fetched from http://www.user-agents.org
# Generated on Thu Nov 7 14:23:35 PST 2013 by files/gen_badbots.
#
# Author: Yaroslav Halchenko
#
# rewritten by Peter Heirich for a different logformat
#
#[02/Apr/2017:09:18:31 +0200] [heirich.eu:80] [client 94.223.140.41] - - "GET /xyz.php HTTP/1.1" 403 488 "-" "Wget/1.14 (linux-gnu)"
# first - : logname from identd, if supplied ; This will be a dash unless mod_ident is present and IdentityCheck is set On.
# second - : username, if http request was sent using auth header
# third - : referer, if any in request
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
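
The bans table mentioned in the message can also be read with a short script that converts timeofban from Unix seconds to a readable time. This is an added example, not part of the original post or of Fail2Ban itself. It assumes the table has jail, ip and data columns and that data holds JSON with a "matches" list of log lines; the rows in demo_db() are constructed.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Assumed table layout; the post names only the table "bans" and "timeofban".
ASSUMED_SCHEMA = "CREATE TABLE bans (jail TEXT, ip TEXT, timeofban INTEGER, data TEXT)"


def recent_bans(conn, jail=None, limit=20):
    """Return the newest bans, timeofban rendered as UTC, with stored log lines."""
    sql, params = "SELECT jail, ip, timeofban, data FROM bans", []
    if jail is not None:
        sql += " WHERE jail = ?"  # bound parameter, never string-formatted
        params.append(jail)
    sql += " ORDER BY timeofban DESC LIMIT ?"
    params.append(limit)
    bans = []
    for jail_name, ip, ts, data in conn.execute(sql, params):
        try:
            info = json.loads(data) if data else {}
        except ValueError:
            info = {}  # unreadable ticket data: still report the ban itself
        matches = info.get("matches", []) if isinstance(info, dict) else []
        when = datetime.fromtimestamp(ts, tz=timezone.utc)
        bans.append({
            "jail": jail_name,
            "ip": ip,
            "when": when.strftime("%Y-%m-%d %H:%M:%S UTC"),
            # assumption: a match is one string or a list of string fragments
            "matches": ["".join(map(str, m)) if isinstance(m, list) else str(m)
                        for m in matches],
        })
    return bans


def demo_db():
    """In-memory database with constructed rows (documentation-range IPs)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(ASSUMED_SCHEMA)
    line = '192.0.2.10 - - "GET /robots.txt HTTP/1.1" 200 0 "-" "-"'
    conn.executemany("INSERT INTO bans VALUES (?, ?, ?, ?)", [
        ("INFO-apache", "192.0.2.10", 1491117511,
         json.dumps({"matches": [line], "failures": 1})),
        ("sshd", "198.51.100.7", 1491116911, None),
    ])
    return conn


if __name__ == "__main__":
    for ban in recent_bans(demo_db()):
        print(ban["when"], ban["jail"], ban["ip"], *ban["matches"], sep=" | ")
```

Against a live system, pass sqlite3.connect("/var/lib/fail2ban/fail2ban.sqlite3") instead of demo_db(), run as a user allowed to read that file.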