#49 Timestamps not customizable is a minus...

open
nobody
None
5
2009-05-24
2009-05-24
No

Yesterday was the first time I ever used this program, and the idea is excellent, but trying to develop the program for other services (for example, a mail server called Mercury/32) didn't work due to the timestamps in the log.

I think a great idea would be to add an external file, let's say timestamps.conf, that could define several timestamps:

[mytimestamp]
E YYYYMMDD HHMMSS

And maybe the user could reference the timestamp in the jail.conf file:

[jailx]
timestamp=mytimestamp
...

So that way, anyone could adapt the program to the log file they need.

In my case, the log file has an entry like this:

E 20090524 151631 4a1960fe Host xx.xx.xx.xx blocked by SpamHaus - dropped and blocked.

The mail server bans the IP, but for a short time, and only blocks the entry to the mail server itself, not the rest of the services... So I wanted to ban the IP for x days just for appearing in SpamHaus and trying to get into my server, but fail2ban has no way to adapt the regex in order to recognize the timestamp. I guess there are hundreds of cases where this would happen.

Another thing is that I'm not sure if the program is still being developed. I'll find out soon enough.

Thanks a lot for creating this program, the idea behind it deserves recognition.

Heishiro.

Discussion

  • I modified the program on my server and added the following to datedetector.py:
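    # Mercury/32
    # Matches log prefixes such as "E 20090524 151631".
    template = DateStrptime()
    template.setName("E Year/Month/Day Hour:Minute:Second")
    # Raw string so the \d escapes reach the regex engine unchanged.
    template.setRegex(r"E \d{4}\d{2}\d{2} \d{2}\d{2}\d{2}")
    # strptime pattern used to convert the matched text into a time value.
    template.setPattern("E %Y%m%d %H%M%S")
    self.__templates.append(template)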

    After that, I restarted the service and voilà... It worked perfectly... Hope this helps anyone who wants to ban IPs that are initially detected in Mercury/32.

    Anyway, the feature request seems to me like it's still open.

    Thanks a lot for the program again.
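
Added example, not part of the original ticket or of fail2ban's own code: a stand-alone check that the regex and strptime pattern from the comment above agree on the Mercury/32 line format, and that lines with impossible dates or non-IP hosts are rejected rather than banned. The failure regex, the function names, the `find_time_s` parameter and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Same regex and strptime pattern as the template posted in the comment above.
DATE_RE = re.compile(r"E \d{4}\d{2}\d{2} \d{2}\d{2}\d{2}")
DATE_PATTERN = "E %Y%m%d %H%M%S"
# Hypothetical failure regex for the SpamHaus line quoted in the ticket.
FAIL_RE = re.compile(r"Host (?P<host>\S+) blocked by SpamHaus")

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE_LOG = """\
E 20090524 151631 4a1960fe Host 192.0.2.10 blocked by SpamHaus - dropped and blocked.
E 20090524 151702 4a196120 Host 198.51.100.7 blocked by SpamHaus - dropped and blocked.
E 20091340 151702 4a196121 Host 203.0.113.5 blocked by SpamHaus - dropped and blocked.
T 20090524 151800 4a196130 Connection from 192.0.2.10
E 20090524 151900 4a196140 Host not-an-ip blocked by SpamHaus - dropped and blocked.
"""


def parse_line(line):
    """Return (timestamp, ip) for a SpamHaus block line, else None."""
    date = DATE_RE.match(line)
    fail = FAIL_RE.search(line)
    if not date or not fail:
        return None
    try:
        # The regex accepts any digits; strptime rejects impossible dates.
        when = datetime.strptime(date.group(0), DATE_PATTERN)
        host = ip_address(fail.group("host"))
    except ValueError:
        return None
    return when, str(host)


def ban_candidates(log_text, now, find_time_s=600):
    """IPs whose block lines fall within find_time_s seconds before now."""
    hits = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and 0 <= (now - parsed[0]).total_seconds() <= find_time_s:
            hits.add(parsed[1])
    return sorted(hits)


if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG, datetime(2009, 5, 24, 15, 20, 0)))
```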