Hi,
Sent from my Huawei phone
I am no authority in either docker nor guacamole inner-workings but I believe you have to pass your log folder to your guacd image so that it writes to the folders on the system and fail2ban can read them.
Basically sudo guacd reads from inside the image of guacd - you have to make sure that fail2ban can read the guacd logs too.
Sent from my Huawei phone
Best regards,
Bogdan Tomasciuc
-------- Original message --------
From: Baptiste <[email protected]>
Date: Thu, Aug 5, 2021, 7:30 PM
To: [email protected]
Subject: Guacamole Docker Image
Hi,I am encountering a bit of a hassle considering the logging system.I use the guacamole/guacamole docker image, with guacd and postgres as db, I followed the general guidelines so nothing outstanding in my setup.However the logging system in docker outputs things that does not appear in catalina*.log, and I am trying to use fail2ban with the said logs.Specifically, I would like to get the line saying :18:24:18.755 [http-nio-8080-exec-3] INFO o.a.g.r.auth.AuthenticationService - User "xxx" successfully authenticated from [[user ip], [container ip]].It appears when doing sudo docker logs guacamoleIt does not appear in catalina*.log as said before.I noticed that the way it is logged is different than, per say :05-Aug-2021 17:41:16.672 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 5067 ms( for instance : no date, only time in auth log )So it must be using a different parsing system, so I tried setting a logback.xml in GUACAMOLE_HOME in order to change what to parse into the log but it seems it is not used since the modifications I made were not seen in the logs after guacamole restarted.Is anyone struggling with this as well ?Have I missed something ( not too terribly I hope ) obvious ?Thanks in advance for your help,Good day to you all
