1

I'm using wildcard in the logpath value as shown below:

[http-get-dos]
enabled = true
filter = http-get-dos
logpath = /var/log/ispconfig/httpd/*/access.log
maxretry = 250
findtime = 300
#ban for 10 hours
bantime = 36000
action = iptables-multiport[name=HTTP, port="http,https", protocol=tcp]

This works great but I want to exclude specific log because I need to create a separate filter for this.

So, for example, if I want to exclude /var/log/ispconfig/httpd/mysite.com/access.log, how do I do this?

jaYPabs
  • 299
  • 1
  • 4
  • 20
  • I am not sure what you are trying to do but `logpath = /var/log/ispconfig/httpd/!(mysite.com)/access.log` might be an option. – Valentin Bajrami Jul 24 '13 at 12:31
  • As I've said I will create a separate filter. like another [http-get-dos2]. I tested your suggestion but it still it add to logpath as fail2ban.log stated as follows `Added logfile = /var/log/ispconfig/httpd/mysite.com/access.log`. – jaYPabs Jul 24 '13 at 12:46
  • If you can use globs `*` you will be able to use `!` negate too. Did you restart fail2ban / iptables. – Valentin Bajrami Jul 24 '13 at 12:54
  • Yes, I already restarted fail2ban. – jaYPabs Jul 24 '13 at 13:09

0 Answers0