Comments (2)
The reason for that is unexpected prefix - auth.info
between hostname and service name (localhost auth.info sshd
) is normally not present in log.
Either you'd change the format if syslog or whatever, so it would not generate that (no idea where one can change it)...
Or you adjust the prefix-line (e. g. rewrite default hostname of common prefix-line), either in jail.local
for sshd jail only:
[sshd]
filter = %(known/filter)s[__hostname="\S+(?: [a-z]+\.[a-z]+)?"]
Or in filter.d/common.local
for all jails based on common-include:
[DEFAULT]
__hostname = \S+(?: [a-z]+\.[a-z]+)?
from fail2ban.
The reason for that is unexpected prefix -
auth.info
between hostname and service name (localhost auth.info sshd
) is normally not present in log.Either you'd change the format if syslog or whatever, so it would not generate that (no idea where one can change it)...
Or you adjust the prefix-line (e. g. rewrite default hostname of common prefix-line), either in
jail.local
for sshd jail only:[sshd] filter = %(known/filter)s[__hostname="\S+(?: [a-z]+\.[a-z]+)?"]Or in
filter.d/common.local
for all jails based on common-include:[DEFAULT] __hostname = \S+(?: [a-z]+\.[a-z]+)?
Hey!
I used your first method and it worked flawlessly, thank you so much.
For me this is fixed so I am going to close the issue.
from fail2ban.
Related Issues (20)
- [BR]: ERROR: cannot import name 'MutableMapping' from 'collections' (/usr/lib/python3.11/collections/__init__.py) HOT 4
- [BR]: Jail works but no chain created in iptables HOT 4
- [BR]: STDIN is closed and triggers libuv error in external programs during actionban HOT 8
- [FR]: sshd failed login attempts not detected? HOT 1
- [RFE]: multi-line ignoreip doesn't handle end-of-line comments HOT 1
- [BR]: faulty regexes in sshd.conf? HOT 1
- Request new release HOT 1
- Active : failed HOT 1
- [FR]: nginx-bad-request.conf nginx-botsearch.conf should also support the new journalctl format introduced in the other nginx filters
- New jail matches but doesn't ban nginx-limit-req.conf HOT 3
- [RFE]: Change cloudflare.conf to use WAF Custom Rules rather than Firewall Access Rules due to deprecation
- [BR]: basic setup fail HOT 2
- Not working filter apache logs HOT 1
- [FR]: qbittorrent-nox HOT 8
- [BR]: README.md typos
- Fail2ban - Raspberry Pi5 64bit Bookworm - not working as expected, not reading systemd logs? HOT 6
- [FR]: Ubuntu 22.04.4 LTS fail2ban Unable to match some authentication failure logs HOT 4
- [BR]: Test testStatusStats fails with 1.1.0 on Fedora Rawhide HOT 10
- Help Needed: Creating Fail2ban Filter for Exchange Autodiscover Failed Login Attempts HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fail2ban.