Customize fail2ban Log Message #2393

paulsen-it opened this issue Apr 2, 2019 · 4 comments

@paulsen-it

Environment:

  • Fail2Ban version (including any possible distribution suffixes):
  • OS, including release name/version:
  • Fail2Ban installed via OS/distribution mechanisms
  • You have not applied any additional foreign patches to the codebase
  • Some customizations were done to the configuration (provide details below if so)

The issue:

fail2ban logs bans with this message:

2019-04-02 15:27:42,318 fail2ban.actions: WARNING [apache] Ban 44.110.20.110

It is possible to add the log file at the end of this message. So I can see in which log file the ban happened.

2019-04-02 15:27:42,318 fail2ban.actions: WARNING [apache] Ban 44.110.20.110 /var/log/apache2/error.log

Because I work with wildcards, there are many log files /var/log/sites/*/log/error.log and I cannot see which log file is found by fail2ban.

@CreativeWolf

This will be an awesome addition indeed to analyze site-wise bans.

@sebres
Contributor

sebres commented May 10, 2019

The log file from which the failures are coming is not part of the API at the moment (neither is it referenced in the ticket, nor am I convinced it should really be done, for several reasons).

So grep --files-with-matches -wF $ip /log/path/mask remains your friend yet.

@CreativeWolf

Heya @sebres appreciate your response.

I understand it's not part of the API at the moment.
The use case I'm looking at is to feed the fail2ban log to ELK and be able to monitor and visualize site-wise data on bans.
Are you suggesting to get the banned IP addresses from the fail2ban log and then grep through the web server logs?

Purely for learning and understanding, what are your reasons that you think aren't convincing you?

Thanks!

@sebres
Contributor

sebres commented May 10, 2019

> get the banned IP addresses from the fail2ban log

Why, if there is a fail2ban database where this info (with much other) is available via SQL?
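
The grep approach suggested in this thread, applied to every ban line of a fail2ban log so that each ban is reported together with the wildcard-matched log files that mention the IP. This is an added example, not part of the original thread or of fail2ban; the helper names `ban_sources` and `make_sample`, the site-a/site-b layout, the IP 192.0.2.7 and all sample log lines are constructed, and the ban-line pattern is taken from the message quoted in the issue.

```shell
#!/bin/sh
# Added example: for every "Ban" line in fail2ban.log, list the log files that
# mention the banned IP. Output is tab-separated: time, jail, ip, files.

# ban_sources FAIL2BAN_LOG LOGFILE...  (hypothetical helper; pass the expanded wildcard)
ban_sources() {
    f2b_log=$1; shift
    # Pattern follows the ban line quoted in the issue; "Unban" lines do not match.
    sed -n 's/^\([0-9-]* [0-9:,]*\) fail2ban\.actions.*\[\([^]]*\)\] Ban \([0-9a-fA-F.:]*\)$/\1|\2|\3/p' "$f2b_log" |
    while IFS='|' read -r ts jail ip; do
        # -l = --files-with-matches, -F = literal string (dots are not regex),
        # -w = whole word, so 44.110.20.110 does not match 144.110.20.110.
        # stdin is /dev/null so grep never eats the loop's input if no files are given.
        files=$(grep -lwF -e "$ip" -- "$@" </dev/null 2>/dev/null | tr '\n' ',')
        printf '%s\t%s\t%s\t%s\n' "$ts" "$jail" "$ip" "${files%,}"
    done
}

# make_sample: build constructed sample logs in a temp dir and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sites/site-a/log" "$d/sites/site-b/log"
    cat > "$d/fail2ban.log" <<'EOF'
2019-04-02 15:27:42,318 fail2ban.actions: WARNING [apache] Ban 44.110.20.110
2019-04-02 15:30:01,002 fail2ban.actions: WARNING [apache] Ban 192.0.2.7
2019-04-02 15:37:42,400 fail2ban.actions: WARNING [apache] Unban 44.110.20.110
EOF
    cat > "$d/sites/site-a/log/error.log" <<'EOF'
[client 44.110.20.110:51000] user admin: authentication failure
[client 192.0.2.7:40002] user admin: authentication failure
EOF
    cat > "$d/sites/site-b/log/error.log" <<'EOF'
[client 144.110.20.110:40000] user admin: authentication failure
[client 192.0.2.7:40001] user admin: authentication failure
EOF
    printf '%s\n' "$d"
}

demo_dir=$(make_sample)
ban_sources "$demo_dir/fail2ban.log" "$demo_dir"/sites/*/log/error.log
```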
