Yesterday was the first time i ever used this program, and the idea it's excellent, but, trying to develop the program for another services (for example a mail server called mercury/32) didn't work due to the timestamps in the log.
I think a great idea would be to add an external file, let's say timestamps.conf that could define several timestamps
[mytimestamp]
E YYYYMMDD HHMMSS
And maybe the user could reference the timestamp in the jail.conf file.
[jailx]
timestamp=mytimestamp
...
So that way, anyone could adapt the program to the log file they need.
In my case, the log file has an entry like this:
E 20090524 151631 4a1960fe Host xx.xx.xx.xx blocked by SpamHaus - dropped and blocked.
The mailserver bans the ip, but for a short time, and only blocks the entry to the mailserver itself, not the rest of the services... So i wanted to ban the ip for x days just for appearing in spamhaus and trying to get into my server, but fail2ban has no way to adapt the regex in order to recognize the timestamp. I guess there are hundreds of cases where this would happen.
Another thing is that i'm not sure if the program is still being developed. I'll find out soon enough.
Thanks a lot for creating this program, the idea behind it deserves recognition.
Heishiro.
I modified the program in my server, and added the following to the datedetector.py
# Mercury/32
template = DateStrptime()
template.setName("E Year/Month/Day Hour:Minute:Second")
template.setRegex("E \d{4}\d{2}\d{2} \d{2}\d{2}\d{2}")
template.setPattern("E %Y%m%d %H%M%S")
self.__templates.append(template)
After that, i restarted the service and voilà... It worked perfectly... Hope this helps anyone who wants to ban ips that are initially detected in Mercury/32.
Anyway, the feature request seems to me like it's still open.
Thanks a lot for the program again.