ttito
November 14, 2020, 2:59pm
1
Hi team!
Has anyone a failregex for fail2ban?
apache
Ubuntu 20.04
Nextcloud 20.0.1
the log for example is:
{"reqId":"B0JTy99clnfHkqaxHE7W","level":2,"time":"November 14, 2020 15:56:13","remoteAddr":"ip.ip.ip.ip","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: test (Remote IP: ip.ip.ip.ip)","userAgent":"Mozilla/5.0 (Android 10; Mobile; rv:82.0) Gecko/82.0 Firefox/82.0","version":"20.0.1.1"}
thanks!
ttito:
Has anyone a failregex for fail2ban?
apache
Ubuntu 20.04
Nextcloud 20.0.1
the log for example is:
{"reqId":"B0JTy99clnfHkqaxHE7W","level":2,"time":"November 14, 2020 15:56:13","remoteAddr":"ip.ip.ip.ip","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: test (Remote IP: ip.ip.ip.ip)","userAgent":"Mozilla/5.0 (Android 10; Mobile; rv:82.0) Gecko/82.0 Firefox/82.0","version":"20.0.1.1"}
Sure:
[Definition]
# regex for Nextcloud 12 - 20:
failregex = ^.*Login failed: '?.*'? \(Remote IP: '?<HOST>'?\).*$
ttito
November 14, 2020, 4:59pm
3
Thanks, but this code has no function…
Sorry, I should have had a closer look…
As far as I know fail2ban
is not able to interpret this time stamp. Can you either delete logdateformat
from Nextclouds config.php
or change the value to:
logdateformat => 'c',
which makes PHP to expand the timestamp to ISO8601 . fail2ban
is able to interpret ISO8601 time stamps.
Also make sure that the value of logtimezone
in Nextclouds config.php
corresponds to the timezone of the system (cat /etc/timezone
)