Hello, I give you this hint for use sendmail-whois-lines with multiple log path:
you need modify action.d/sendmail-whois-lines.conf:
remove old actionban = an put this one:
And in your jail.conf
sendmail-whois-lines[name=Apache, dest=maildest, sender=mailsender, logpath=/dir/log1.log;/dir/log2.log]
* work in logpath ex: /var/log/httpd/*.log
Each log file must be separate by ";"
And no you have in your email whois + line found for each log file.
Perhaps that will help someone
you need modify action.d/sendmail-whois-lines.conf:
remove old actionban = an put this one:
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
Date: `date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: Fail2Ban <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here are more information about <ip>:\n
`/usr/bin/whois <ip>`\n
`while IFS=';' read -a ADDR; do
for i in "${ADDR[@]}"; do
printf %%b "\n Lines containing IP:<ip> in $i \n"
/bin/grep '\<<ip>\>' $i \n
done
done <<< "<logpath>"`\n
Regards,\n
And in your jail.conf
sendmail-whois-lines[name=Apache, dest=maildest, sender=mailsender, logpath=/dir/log1.log;/dir/log2.log]
* work in logpath ex: /var/log/httpd/*.log
Each log file must be separate by ";"
And no you have in your email whois + line found for each log file.
Perhaps that will help someone

Last edited: