[Fail2ban] Regex on httpd error_log
Posted: 2016/01/19 10:22:44
Hi,
On CentOS 6 I use a simple regex on httpd error_log to ban bots, something that looks like this:
    failregex = \[client <HOST>\] File does not exist:.*(?i)phpmyadmin.*
There is no error when I test my filter on CentOS 7 with fail2ban-regex, but I don't get any results either.
    /usr/bin/fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-phpmyadmin.conf
But I can see the reference in my error_log (ip_adress_removed is the IP I used to test my server), so I should get at least one result.
    [Tue Jan 19 11:03:48.723037 2016] [core:info] [pid 26936] [client ip_adress_removed:13027] AH00128: File does not exist: /var/www/html/phpmyadmin
Could it be a problem of log format? Because in CentOS 6, my error_log would look like this:
    [Mon Jan 18 19:27:26 2016] [error] [client ip_adress_removed] File does not exist: /var/www/html/phpmyadmin
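
Added example, not part of the original post: a Python check of the post's failregex against the two error_log formats shown above, next to one possible adjusted pattern. The `<HOST>` expansion is a simplified stand-in for fail2ban's own, the address 203.0.113.7 is a constructed sample replacing the redacted IP, and `NEW` and `find_host` are hypothetical names, not a filter shipped with fail2ban.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion also handles IPv6-mapped prefixes; this class has no ':').
HOST = r"(?P<host>[\w\-.^_]*\w)"

# The post's failregex. Its mid-pattern (?i) is passed as re.IGNORECASE,
# because Python 3.11+ rejects global inline flags that are not at the start.
OLD = r"\[client <HOST>\] File does not exist:.*phpmyadmin.*"

# Hypothetical adjusted pattern: optional ":port" after the host and an
# optional "AHnnnnn: " message code, as seen in the CentOS 7 line.
NEW = r"\[client <HOST>(?::\d+)?\] (?:AH\d+: )?File does not exist:.*phpmyadmin"

# Log lines from the post, with a constructed documentation-range IP
# in place of the redacted address.
LINE_CENTOS6 = ("[Mon Jan 18 19:27:26 2016] [error] [client 203.0.113.7] "
                "File does not exist: /var/www/html/phpmyadmin")
LINE_CENTOS7 = ("[Tue Jan 19 11:03:48.723037 2016] [core:info] [pid 26936] "
                "[client 203.0.113.7:13027] AH00128: File does not exist: "
                "/var/www/html/phpmyadmin")


def find_host(failregex, line):
    """Return the captured host if the filter matches the line, else None."""
    pattern = re.compile(failregex.replace("<HOST>", HOST), re.IGNORECASE)
    match = pattern.search(line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, rx in (("old", OLD), ("new", NEW)):
        for label, line in (("CentOS 6", LINE_CENTOS6), ("CentOS 7", LINE_CENTOS7)):
            print(f"{name} regex on {label} line -> {find_host(rx, line)}")
```

The old pattern requires `]` directly after the host and `File` directly after `] `, so the `:13027` port and the `AH00128: ` code in the CentOS 7 line each prevent a match.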