HOW-TO use Fail2Ban sendmail-whois-lines with multiple logpath

Mangas23

Hello, here is a hint for using sendmail-whois-lines with multiple log paths:

You need to modify action.d/sendmail-whois-lines.conf:
remove the old actionban = and put this one:
# The loop uses bash syntax (read -a, <<<), so the shell that runs the action must be bash.
# $i is left unquoted so that a wildcard in a logpath entry is expanded.
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
            Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
            From: Fail2Ban <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here are more information about <ip>:\n
            `/usr/bin/whois <ip>`\n
            `while IFS=';' read -a ADDR; do
            for i in "${ADDR[@]}"; do
            printf %%b "\n Lines containing IP:<ip> in $i \n"
            /bin/grep '\<<ip>\>' $i
            done
            done <<< "<logpath>"`\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

And in your jail.conf
sendmail-whois-lines[name=Apache, dest=maildest, sender=mailsender, logpath=/dir/log1.log;/dir/log2.log]

* works in logpath, e.g. /var/log/httpd/*.log
Each log file must be separated by ";"

And now you have in your email the whois + the lines found for each log file.

Perhaps that will help someone ;)
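A way to dry-run a ";"-separated logpath value from a shell before putting it in jail.conf, as an added example that is not part of the original post. The function name lines_for_ip is made up here; it splits with POSIX sh instead of the post's bash read -a, and uses grep -F -w instead of '\<...\>' so the dots in the address are matched literally.

```shell
#!/bin/sh
# Added example: print the per-file sections the ban e-mail would contain.
# Usage: lines_for_ip <ip> "<log1>;<log2>;..."   (wildcards allowed per entry)
lines_for_ip() {
    ip=$1
    paths=$2
    old_ifs=$IFS
    IFS=';'
    # Unquoted on purpose: split on ';' only, then let the shell expand globs.
    set -- $paths
    IFS=$old_ifs
    for f in "$@"; do
        # A pattern that matched nothing stays literal; skip it and missing files.
        [ -f "$f" ] || continue
        printf '\nLines containing IP:%s in %s\n' "$ip" "$f"
        # -F: dots in the IP are literal; -w: 192.0.2.1 does not match 192.0.2.10
        grep -F -w -- "$ip" "$f" || true
    done
}
```

Run it as the user fail2ban runs as, so that unreadable log files show up before the first ban e-mail does.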
 
I've been looking for something like this. Have you gotten it to work with newer versions of fail2ban, i.e. 0.9.x?
 