In article <kps4fv$33j$1@xxxxxxxxxxxxxxxxxxx>,
Tony Mountifield <tony@xxxxxxxxxxxxx> wrote:
> I want to use fail2ban on CentOS 6 to monitor Apache with the standard
> default logfile format ("combined"). Has anyone here succeeded in doing so?
>
> The format has the IP at the start of the line, followed by two dashes
> (if no authentication) and THEN the timestamp. What I've read on the
> fail2ban wiki seems to say that the timestamp must ALWAYS be at the start
> of the line, followed by other stuff. I'm amazed if it isn't configurable...
>
> I'm using fail2ban 0.8.8 from EPEL.
OK, it turns out that despite what it says in the wiki, recent versions
of fail2ban do allow a non-anchored timestamp match and will preserve the
part of the line before the timestamp. My problem was actually in the
failregex.
All working now.
Cheers
Tony
--
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
