Log-Files

How do I set up fail2ban to read multiple logs in one jail?

  • May 22, 2015

How do I configure multiple log paths for the same rule?

I am trying to write syntax like this:

[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/log/apache*/*error.log 
logpath  = /var/www/vhosts/site1.com/log/errorlog 
logpath  = /var/www/vhosts/site1.com/subdom/log/errorlog
logpath  = /var/www/vhosts/site3/log/errorlog
logpath  = /var/www/vhosts/site4/log/errorlog
maxretry = 1

The paths are all different, so I can't use the RE *

What is the correct syntax for putting more logs into a rule?

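I tried using the same syntax and got no errors when starting fail2ban. Try this in your jail.conf, and if it still doesn't work, you can easily split your rule into multiple rules with a single logpath each, for example: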

[apache-w00tw00t-1]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/log/apache*/*error.log 
maxretry = 1

[apache-w00tw00t-2]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/www/vhosts/site1.com/log/errorlog 
maxretry = 1

and so on

This should finally work:

[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/www/vhosts/site1.com/log/errorlog
          /var/log/apache*/*error.log
          /var/www/vhosts/site1.com/subdom/log/errorlog
          /var/www/vhosts/site3/log/errorlog
          /var/www/vhosts/site4/log/errorlog  
maxretry = 1

You can refer to http://centoshelp.org/security/fail2ban/ for information.
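
To check which files each form of the jail actually resolves to, the following added example (not part of the original question or answers, and not fail2ban code) parses a repeated-key fragment and a continuation-line fragment and expands each pattern with glob. It uses Python's standard `configparser` with `strict=False` as a stand-in for fail2ban's own config reader, so the "last repeated key wins" result is an assumption about fail2ban; the jail fragments and the temporary log tree are constructed sample data.

```python
import configparser
import glob
import os
import tempfile

JAIL = "apache-w00tw00t"
# Constructed jail fragments: repeated key vs. one key with continuation lines.
REPEATED = """[apache-w00tw00t]
logpath  = /var/log/apache*/*error.log
logpath  = /var/www/vhosts/site3/log/errorlog
logpath  = /var/www/vhosts/site1.com/log/errorlog
"""
CONTINUED = """[apache-w00tw00t]
logpath  = /var/log/apache*/*error.log
           /var/www/vhosts/site3/log/errorlog
           /var/www/vhosts/site1.com/log/errorlog
"""

def jail_logpaths(text, jail, root=""):
    """Return (patterns, matched files, patterns matching nothing) for a jail."""
    # Assumption: stdlib parser stands in for fail2ban's own config reader.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    # A continued value arrives as one string, one pattern per line.
    patterns = [p.strip() for p in cp.get(jail, "logpath").splitlines() if p.strip()]
    files, unmatched = [], []
    for pat in patterns:
        hits = sorted(glob.glob(glob.escape(root) + pat))
        files.extend(h[len(root):] for h in hits)
        if not hits:
            unmatched.append(pat)
    return patterns, files, unmatched

def demo():
    """Build a constructed log tree in a temp dir and resolve both fragments."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("var/log/apache2/error.log", "var/log/apache2/ssl_error.log",
                    "var/www/vhosts/site1.com/log/errorlog"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return {"repeated": jail_logpaths(REPEATED, JAIL, root),
                "continued": jail_logpaths(CONTINUED, JAIL, root)}

if __name__ == "__main__":
    for form, (patterns, files, unmatched) in demo().items():
        print(form, "patterns:", len(patterns), "files:", files, "no match:", unmatched)
```

A pattern listed under "no match" is a log the jail would not be reading, which is worth checking before relying on the ban rule for that vhost.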

Quoted from: https://serverfault.com/questions/486301