Does anyone have a solution for my problem, please?


2010/11/29 Linux Tux <linutux78@gmail.com>
Hello world,

I installed fail2ban for monitoring geronimo logs (geronimo.out).
I want to use it only for that, not to secure my server.
So, I created the following new filter and new jail file.
Whenever a new term "Exception" is detected, I want fail2ban to send me an alert.

Can you please tell me how I can do this, because it appears that this configuration does not work.

/etc/fail2ban/filter.d/geronimo.conf
--------------------------------------------------------------------------------------------------------

# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 510 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = Exception

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =



/etc/fail2ban/jail.conf
--------------------------------------------------------------------------------------------------------

[geronimo]

enabled  = true
filter   = Exception
action   = sendmail-whois[name=Pattern Detection, dest=admin@name.com]
logpath  = /home/web/geronimo/var/log/geronimo.out



-----------
Config:
fail2ban-0.8.2-3.el4.rf
PHP 4.3.9 (cgi) (built: Apr  4 2007 11:50:16)
Red Hat Enterprise Linux AS release 4 (Nahant Update 5)
mailx-8.1.1-37.EL4


# fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:           geronimo


# fail2ban-client status geronimo
Status for the jail: geronimo
|- filter
|  |- File list:        /home/web/geronimo/var/log/geronimo.out
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0


TEST:
--------------------------------------------------------------------------------------------------------

# fail2ban-regex /home/web/geronimo/var/log/geronimo.out /etc/fail2ban/filter.d/geronimo.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/geronimo.conf
Use log file   : /home/web/geronimo/var/log/geronimo.out


Results
=======

Failregex
|- Regular expressions:
|  [1] Exception
|
`- Number of matches:
   [1] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.
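
An added example, not part of the original post and not fail2ban code: a small checker for two conventions the posted files touch, namely that a jail's `filter` option names a filter file in filter.d (without `.conf`) and that, as the filter's own comment says, the failregex must capture the host. The `lint` helper and the embedded strings are constructed for illustration from the files quoted above.

```python
import configparser
import re

# Constructed inputs: the filter and jail from the post above, trimmed to
# the options the checks read.
FILTER_NAME = "geronimo"          # from /etc/fail2ban/filter.d/geronimo.conf
FILTER_CONF = """
[Definition]
failregex = Exception
ignoreregex =
"""
JAIL_CONF = """
[geronimo]
enabled  = true
filter   = Exception
action   = sendmail-whois[name=Pattern Detection, dest=admin@name.com]
logpath  = /home/web/geronimo/var/log/geronimo.out
"""

HOST_GROUP = re.compile(r"<HOST>|\(\?P<host>")


def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def lint(filter_name, filter_text, jail_text, jail):
    """Return a list of findings for one jail/filter pair (hypothetical helper)."""
    findings = []
    jail_cfg = _parse(jail_text)[jail]
    referenced = jail_cfg.get("filter", "")
    if referenced != filter_name:
        findings.append(f"jail '{jail}' references filter '{referenced}', "
                        f"but the filter file is '{filter_name}.conf'")
    definition = _parse(filter_text)["Definition"]
    # failregex may hold several expressions, one per (indented) line.
    for regex in filter(None, map(str.strip, definition.get("failregex", "").splitlines())):
        if not HOST_GROUP.search(regex):
            findings.append(f"failregex '{regex}' has no <HOST> or (?P<host>...) group")
    return findings


if __name__ == "__main__":
    for finding in lint(FILTER_NAME, FILTER_CONF, JAIL_CONF, "geronimo"):
        print("WARN:", finding)
```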