Home / server / Questions / 935251
Accepted
kittygirl
Asked: 2018-10-13 05:36:30 +0800 CST

Can I use regex in fail2ban logpath?

  • 772

I am using CETNOS 7,yum install fail2ban,in /etc/fail2ban/jail.local,I want to set: 

[DEFAULT]
apache_error_log = /var/log/httpd/*error_log
/home/websites/.*?/log/errorlog

to express: 

    [DEFAULT]
    apache_error_log = /var/log/httpd/*error_log
    /home/websites/site1/log/errorlog
    /home/websites/site2/log/errorlog

Then,I can use %(apache_error_log)s in /etc/fail2ban/jail.local as below: 

[apache-noscript]

port     = http,https
logpath  = %(apache_error_log)s

Is this OK?

fail2ban

1 Answers

  1. Best Answer

    Fail2Ban logpath doesn't use regular expressions but glob Unix filename pattern matching.

    jail.conf (5), logpath

    filename(s) of the log files to be monitored, separated by new lines. Globs -- paths containing * and ? or [0-9] -- can be used however only the files that exist at start up matching this glob pattern will be considered.

    Rules:

    • * matches any number of any characters (including none)
    • ? matches any single character
    • [abc] matches one of the listed characters
    • [a-z] matches one character in a (locale-dependent) character range
    • inside the brackets, ! can be used for negation (POSIX systems)
    • path separator characters i.e. / are never matched.

    Therefore, /home/websites/*/log/errorlog will do.

    • 3