Fail2ban version v0.10.2
I have a simple jail that looks for a specific user agent.
[barkrowler]
enabled = true
filter = barkrowler
logpath = /var/log/apache2/proxy.mydomain.com.access.log
port = 80,81,8103,8203,8303
maxretry = 1
findtime = 10
bantime = 86400
action = iptables-allports[name=barkrowler]
The /etc/fail2ban/filter.d/barkrowler.conf file
[Definition]
failregex=^.*\| <HOST> .*Barkrowler.*
A typical access log line from this user agent
[2020-10-13 14:23:09 (Tue)] | server20 | R:- | www.mydomain.com | 62.210.78.76 |"GET /robots.txt HTTP/1.1" | 301 | 249 | 80 | "-" | "Mozilla/5.0 (compatible; Barkrowler/0.9; +https://babbar.tech/crawler)"
fail2ban-regex shows me it matches
root@server20:/etc/fail2ban# fail2ban-regex --print-all-matched /var/log/apache2/proxy.mydomain.com.access.log /etc/fail2ban/filter.d/barkrowler.conf
Running tests
=============
Use failregex filter file : barkrowler, basedir: /etc/fail2ban
Use log file : /var/log/apache2/proxy.mydomain.com.access.log
Use encoding : UTF-8
Results
=======
Failregex: 1354 total
|- #) [# of hits] regular expression
| 1) [1354] ^.*\| <HOST> .*Barkrowler.*
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1106761] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T| ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
`-
Any idea of what could be wrong? My backend is pyinotify and time is correct.
root@server20:/etc/fail2ban# timedatectl
Local time: Tue 2020-10-13 14:47:37 CDT
Universal time: Tue 2020-10-13 19:47:37 UTC
RTC time: Tue 2020-10-13 19:47:37
Time zone: America/Chicago (CDT, -0500)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
Fail2ban log never says anything beyond this when it's started:
2020-10-13 14:17:45,055 fail2ban.jail [18459]: INFO Jail 'barkrowler' started
