/var/log/httpd/error_log - wrong format

I am trying to get fail2ban to ban password mismatch from apache but the logs are incompatible. i.e.

“[Tue Dec 16 15:49:02 2008] [error] [client 0.0.0.0] user maint: authentication failure for “/admin”: Password Mismatch”

“The default format does not work with Fail2Ban because the pattern Fail2Ban uses that would match this format has a beginning of line character (^), and Asterisk puts its date/time inside of []. However the other formats that Fail2Ban supports do not have this character and can be used with Asterisk”

I am using CentOS 4.7 with FreePBX 2.5.1.0

I was wondering if I could duplicate the error_log into another file and change the format? I don’t know how this would be done as I am reasonably new to Linux and Asterisk. Is there another way?

As far as fail2ban goes though I would recommend it to anyone because all of the other jails are functioning well (because they use different logs in the correct format).

Any assistance would be greatly appreciated.
Thank you in advance.

I’ve never used fail2ban, but I can’t imagine that you can’t define your own log file formats for it to use.

Chances are it uses regex, so you should probably google up some regex howto somewhere. I also can’t imagine that this isn’t covered in their FAQ.

I just googled it and there is plenty of documentation at their site and elsewhere that tells you how to use their filters.

Here’s just one site:

http://debaday.debian.net/2007/04/29/fail2ban-an-enemy-of-script-kiddies/

I’m sure you could find more.
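Added example, not part of the thread and not fail2ban's own code: a Python sketch showing that the bracketed Apache timestamp can be matched by a regex written in the style of a fail2ban filter, with failures counted per client the way a jail's maxretry and findtime options are meant to work. The `<HOST>` expansion here is a simplified IPv4-only stand-in, the function names are hypothetical, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern in the style of a fail2ban failregex: <HOST> marks the address to ban.
FAILREGEX = (
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client <HOST>\] user \S+: '
    r'authentication failure for "[^"]*": Password Mismatch\s*$'
)
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST))

def parse_failure(line):
    """Return (timestamp, host) for a password-mismatch line, else None."""
    m = PATTERN.match(line)
    if not m:
        return None
    return datetime.strptime(m.group('ts'), '%a %b %d %H:%M:%S %Y'), m.group('host')

def hosts_to_ban(lines, maxretry=3, findtime=600):
    """Hosts reaching maxretry failures within findtime seconds (lines in time order)."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, host = hit
        window = recent[host]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()  # forget failures older than the window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

# Constructed sample lines in the format quoted in the question.
_T = '[Tue Dec 16 {t} 2008] [error] [client {ip}] user maint: authentication failure for "/admin": Password Mismatch'
SAMPLE = [
    _T.format(t='15:49:02', ip='192.0.2.10'),
    _T.format(t='15:49:05', ip='192.0.2.10'),
    _T.format(t='15:49:09', ip='198.51.100.7'),
    '[Tue Dec 16 15:49:11 2008] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico',
    _T.format(t='15:50:30', ip='192.0.2.10'),
    _T.format(t='16:30:00', ip='198.51.100.7'),
    _T.format(t='16:30:04', ip='198.51.100.7'),
]

if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE))
```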