4

I am using CETNOS 7,yum install fail2ban,in /etc/fail2ban/jail.local,I want to set: 

[DEFAULT]
apache_error_log = /var/log/httpd/*error_log
/home/websites/.*?/log/errorlog

to express: 

    [DEFAULT]
    apache_error_log = /var/log/httpd/*error_log
    /home/websites/site1/log/errorlog
    /home/websites/site2/log/errorlog

Then,I can use %(apache_error_log)s in /etc/fail2ban/jail.local as below: 

[apache-noscript]

port     = http,https
logpath  = %(apache_error_log)s

Is this OK?

kittygirl
  • 975

1 Answers1

3

Fail2Ban logpath doesn't use regular expressions but glob Unix filename pattern matching.

jail.conf (5), logpath

filename(s) of the log files to be monitored, separated by new lines. Globs -- paths containing * and ? or [0-9] -- can be used however only the files that exist at start up matching this glob pattern will be considered.

Rules:

  • * matches any number of any characters (including none)
  • ? matches any single character
  • [abc] matches one of the listed characters
  • [a-z] matches one character in a (locale-dependent) character range
  • inside the brackets, ! can be used for negation (POSIX systems)
  • path separator characters i.e. / are never matched.

Therefore, /home/websites/*/log/errorlog will do.

Esa Jokinen
  • 49,773