Yesterday was the first time i ever used this program, and the idea it's excellent, but, trying to develop the program for another services (for example a mail server called mercury/32) didn't work due to the timestamps in the log.
I think a great idea would be to add an external file, let's say timestamps.conf that could define several timestamps
E YYYYMMDD HHMMSS
And maybe the user could reference the timestamp in the jail.conf file.
So that way, anyone could adapt the program to the log file they need.
In my case, the log file has an entry like this:
E 20090524 151631 4a1960fe Host xx.xx.xx.xx blocked by SpamHaus - dropped and blocked.
The mailserver bans the ip, but for a short time, and only blocks the entry to the mailserver itself, not the rest of the services... So i wanted to ban the ip for x days just for appearing in spamhaus and trying to get into my server, but fail2ban has no way to adapt the regex in order to recognize the timestamp. I guess there are hundreds of cases where this would happen.
Another thing is that i'm not sure if the program is still being developed. I'll find out soon enough.
Thanks a lot for creating this program, the idea behind it deserves recognition.
Log in to post a comment.