In article <kps4fv$33j$1@softins.clara.co.uk>, Tony Mountifield <tony@softins.co.uk> wrote:
> I want to use fail2ban on CentOS 6 to monitor Apache with the standard default logfile format ("combined"). Has anyone here succeeded in doing so?
> The format has the IP at the start of the line, followed by two dashes (if no authentication) and THEN the timestamp. What I've read on the fail2ban wiki seems to say that the timestamp must ALWAYS be at the start of the line, followed by other stuff. I'm amazed if it isn't configurable...
> I'm using fail2ban 0.8.8 from EPEL.

OK, it turns out that despite what it says in the wiki, recent versions of fail2ban do allow a non-anchored timestamp match and will preserve the part of the line before the timestamp. My problem was actually in the failregex.
All working now.
Cheers
Tony
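
Added example, not part of the original post and not fail2ban's own code: a simplified Python model of the behaviour the post describes, where the timestamp is found anywhere in an Apache "combined" line, the text before it is kept, and a failregex anchored on the client IP is matched against the remainder. The failregex, the hand-expanded host pattern and the log lines are constructed for illustration; the post does not show the failregex that was actually used.

```python
import re

# Apache "combined" timestamp, e.g. [10/Jun/2013:14:02:11 +0100].
# Deliberately not anchored to the start of the line.
TIMESTAMP = re.compile(r"\[\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\]")

# Hypothetical failregex: client IP at line start, HTTP status 401.
# The host group stands in for fail2ban's <HOST> tag (IPv4 only in this sketch).
FAILREGEX = re.compile(r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ +"[^"]*" 401 ')

# Constructed sample lines (documentation address ranges).
SAMPLE = [
    '203.0.113.7 - - [10/Jun/2013:14:02:11 +0100] "GET /admin HTTP/1.1" 401 401 "-" "curl/7.19"',
    '198.51.100.9 - alice [10/Jun/2013:14:02:12 +0100] "GET /401 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'line with no timestamp at all',
]


def split_line(line):
    """Return (timestamp, remainder); the text before the timestamp is preserved."""
    m = TIMESTAMP.search(line)
    if m is None:
        return None, line
    return m.group(), line[:m.start()] + line[m.end():]


def find_failure(line):
    """Return (host, timestamp) for a failed request, or None."""
    stamp, rest = split_line(line)
    if stamp is None:
        return None  # no usable time, so the line cannot be counted
    m = FAILREGEX.search(rest)
    return (m.group("host"), stamp) if m else None


if __name__ == "__main__":
    for entry in SAMPLE:
        print(find_failure(entry), "<-", entry)
```

Because the remainder still starts with the client address, the failregex has to begin at the IP and account for the gap left where the timestamp was removed.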