
List:       fail2ban-users
Subject:    Re: [Fail2ban-users] available tags in actions
From:       "Y." <f2b.ml () yalis ! fr>
Date:       2015-11-25 7:56:55
Message-ID: alpine.DEB.2.11.1511250852050.13975 () sphinx2

Hey Bill,

On Wed, 25 Nov 2015, Bill Shirley wrote:
> Anyone got an idea of how to use the variable 'apacheUser' or 'dport' in this filter?
> apache-common.local:
> _apache_access_client = (?P<virtualDomain>.+)\s+(?P<hostName>\S+)\[<HOST>\]\s+(?P<dport>\d+)\s+(?P<apacheUser>.+)\s+\[[^]]+\]
> 
You can't. Only <HOST> gets read by fail2ban in filters. Speaking of that, 
if you look closely, you'll see that the notation differs:
- "<HOST>" is a fail2ban tag, that gets replaced by fail2ban's own regex,
- "(?P<variable>...)" is a regex notation.

> Seems like it should be accessible in either jail.local or some action (or both).
You can only pass parameters from jail.{conf,local} to actions.

Y.

> I've searched the internet but not found any examples.
> 
> Bill
> PS. I have a non-standard apache access_log.
> 
> 
> On 11/23/2015 10:14 AM, Y. wrote:
> > Only 2 or 3 tags actually come from fail2ban: <ip> and <time> in the
> > context of ban/unban actions, and <host> in the context of filters, if I
> > remember correctly.
> > 
> > All other tags are user-defined. You can pass parameters when calling an
> > action, between square brackets, and you can read these parameters inside
> > the ban/unban actions: these are all the other tags that you saw.
> > 
> > Cheers,
> > 
> > Y.
> > 
> > On Mon, 23 Nov 2015, Simon Fromme wrote:
> > 
> > > Date: Mon, 23 Nov 2015 15:42:24
> > > From: Simon Fromme <fromme@tralios.de>
> > > To: fail2ban-users@lists.sourceforge.net
> > > Subject: [Fail2ban-users] available tags in actions
> > > 
> > > Hello,
> > > 
> > > being new to fail2ban I have problems understanding the tag-system. I
> > > was defining a custom action "actions.d/foo.conf" (getting called in the
> > > [recidive] section in "jail.conf") and I am now wondering which tags I
> > > can use within actionban = ...
> > > 
> > > I have not found any documentation on this so I was wondering if there
> > > is some summary of tags I can use? As it seems to me there are tags that
> > > are globally available, some that get defined within the [Init] section
> > > of an action and some that I can pass directly to the action from within
> > > jail.conf. Maybe via some other way as well?
> > > 
> > > I would be thankful for some information on the mechanism by which tags
> > > are being made available to the actions within actions.d and for a list
> > > of global tags I can use there.
> > > 
> > > In the predefined actions I have encountered: <ip>, <name>, <blocktype>,
> > > <chain>, <port>, <protocol>, etc. but I am sure this list is far from
> > > exclusive.
> > > 
> > > Thanks a lot for your help!
> > > Simon Fromme
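
The two stages discussed in this thread, as an added example that is not part of the original messages and is not fail2ban's own code: a simplified Python model in which the filter hands on only the host, and the action fills its tags from [Init] defaults, the parameters given in the jail, and <ip>. HOST_RE, the log line, the `foo` action spec, the [Init] values and the `echo` command are constructed for illustration.

```python
import re

# Simplified stand-in for the regex fail2ban substitutes for <HOST>
# (assumption: IPv4 only; the real pattern is broader).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Bill's filter fragment from the thread, unchanged.
FAILREGEX = (r"(?P<virtualDomain>.+)\s+(?P<hostName>\S+)\[<HOST>\]\s+"
             r"(?P<dport>\d+)\s+(?P<apacheUser>.+)\s+\[[^]]+\]")

# Constructed sample data (not from the thread).
LINE = ("www.example.org client.example.net[192.0.2.10] 443 alice "
        "[25/Nov/2015:07:56:55 +0000]")
JAIL_ACTION = "foo[name=apache-custom, port=443]"   # hypothetical jail.local value
INIT = {"name": "default", "port": "http", "protocol": "tcp"}  # hypothetical [Init]
ACTIONBAN = "echo ban <ip> jail=<name> port=<port> proto=<protocol> user=<apacheUser>"

def filter_match(line):
    """Filter stage: expand <HOST>, match, pass on only the host."""
    m = re.search(FAILREGEX.replace("<HOST>", HOST_RE), line)
    # dport, apacheUser etc. took part in the match but go no further.
    return m.group("host") if m else None

def parse_action(spec):
    """Split 'foo[key=value, ...]' into (action name, parameters).
    Assumption: values contain no commas."""
    m = re.fullmatch(r"([\w-]+)(?:\[(.*)\])?", spec.strip())
    if m is None:
        raise ValueError(f"not an action spec: {spec!r}")
    params = {}
    for pair in (m.group(2) or "").split(","):
        key, sep, value = pair.partition("=")
        if sep:
            params[key.strip()] = value.strip().strip('"')
    return m.group(1), params

def render(command, init, jail_params, ip):
    """Action stage: jail parameters override [Init]; <ip> comes from the ban."""
    tags = {**init, **jail_params, "ip": ip}
    # Tags nobody defined stay as written, which makes the gap visible.
    return re.sub(r"<(\w+)>", lambda t: tags.get(t.group(1), t.group(0)), command)

def demo():
    ip = filter_match(LINE)
    _, params = parse_action(JAIL_ACTION)
    return render(ACTIONBAN, INIT, params, ip)

if __name__ == "__main__":
    print(demo())
```

In the rendered command `<apacheUser>` is left unexpanded: the named group matched in the filter, but nothing carries it to the action.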
