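Fail2ban not running its regex on the Odoo log
I have installed fail2ban with odoo 13.
Below are my configuration and sample output, but I can't seem to figure out why it isn't filtering.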
user@tempdev:/etc/fail2ban# fail2ban-regex -v /var/log/odoo/odoo.log /etc/fail2ban/filter.d/odoo-login.conf
Running tests
=============
Use   failregex filter file : odoo-login, basedir: /etc/fail2ban
Use         log file : /var/log/odoo/odoo.log
Use         encoding : UTF-8
Results
=======
Failregex: 0 total
|-  #) [# of hits] regular expression
|   1) [0] ^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
`-
user@tempdev:/etc/fail2ban# cat /var/log/odoo/odoo.log | grep 'Login failed'
2020-12-11 12:54:06,442 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3
2020-12-11 13:11:20,945 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3
2020-12-11 13:12:07,928 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asdf from 1.2.23.3
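Fail2ban will certainly cut out the part of the string that matches the date pattern, but a space still remains, so you have to add \s* after the anchor, before \d+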
:-failregex = ^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST> +failregex = ^\s*\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
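Review bot: the + line still stops at <HOST> with nothing anchoring the end of the line, while the login: value just before it is whatever the client submitted. Consider ending the expression with \s*$ (that is, "... from <HOST>\s*$") so the address is only taken from the last token on the line; the three sample lines in the question end with the address and would still match.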
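The effect described in the answer, as an added example that is not part of the original post: a Python sketch that cuts the timestamp out of each log line from the question and applies both versions of the failregex. The TIMESTAMP pattern and the IPv4-only stand-in for <HOST> are simplifying assumptions, not fail2ban's own code.

```python
import re

# Assumptions for this sketch (stand-ins, not fail2ban internals):
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # simplified, IPv4 only

# The two failregex lines from the page.
OLD = r"^\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>"
NEW = r"^\s*\d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>"

# The three log lines shown in the question.
LOG = """\
2020-12-11 12:54:06,442 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3
2020-12-11 13:11:20,945 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asfd from 1.2.23.3
2020-12-11 13:12:07,928 1620 INFO TestSRV odoo.addons.base.models.res_users: Login failed for db:TestSRV login:asdf from 1.2.23.3
"""


def strip_timestamp(line):
    """Cut the first timestamp match out of the line, keeping the rest."""
    m = TIMESTAMP.search(line)
    return line if m is None else line[:m.start()] + line[m.end():]


def match_host(failregex, line):
    """Return the captured host if failregex matches the stripped line."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    m = rx.search(strip_timestamp(line))
    return m.group("host") if m else None


def hits(failregex, log=LOG):
    """Hosts captured by failregex over every line of the log."""
    found = (match_host(failregex, line) for line in log.splitlines())
    return [h for h in found if h]


if __name__ == "__main__":
    first = LOG.splitlines()[0]
    # The separator after the timestamp survives the cut, so ^\d+ cannot match.
    print("remainder starts with:", repr(strip_timestamp(first)[:11]))
    print("old failregex hits:", hits(OLD))
    print("new failregex hits:", hits(NEW))
```

The real check remains fail2ban-regex against the actual log, as in the question.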