search

mdzidic / ovz-web-panel

Automatically exported from code.google.com/p/ovz-web-panel
Other
0 stars 0 forks source link

fail2ban compatible log #338

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I want to ban users who try too many failed login attempts with Fail2Ban. To be 
compatible with Fail2Ban the date needs to be at the beginning of the line and 
be in a supported format. To achieve this I changed line 41 of 
sessions_controller.rb to:

logger.warn "#{Time.now.strftime('%Y-%m-%d %H:%M:%S')} Failed login for 
'#{params[:login]}' from #{request.remote_ip}"

Original issue reported on code.google.com by jasonl...@gmail.com on 14 Sep 2011 at 7:19

GoogleCodeExporter commented 9 years ago

Original comment by sibprogrammer on 1 May 2012 at 9:11

GoogleCodeExporter commented 9 years ago 
Hi

@jason: may I ask you what filter you use? I am currently working on one and 
the fail2ban-regex tester successfully finds all entries. However, it doesn't 
block them.

See here: https://github.com/MaddinXx/Fail2Ban-Filters

Another point here is that you should split the log. I have a very large 
production.log (it doesn't even archive itself) and I would really appreciate 
it if we could have events.log, user.log etc.

Thanks!

Original comment by michel.k...@gmail.com on 18 May 2012 at 11:21

GoogleCodeExporter commented 9 years ago 
failregex = Failed login for .+ from <HOST>

Original comment by jasonl...@gmail.com on 18 May 2012 at 2:47