如何为同一条规则配置多个日志路径?
我正在尝试编写如下语法:
[apache-w00tw00t]
enabled = true
filter = apache-w00tw00t
action = iptables-allports
logpath = /var/log/apache*/*error.log
logpath = /var/www/vhosts/site1.com/log/errorlog
logpath = /var/www/vhosts/site1.com/subdom/log/errorlog
logpath = /var/www/vhosts/site3/log/errorlog
logpath = /var/www/vhosts/site4/log/errorlog
maxretry = 1
路径都不同,所以我不能使用 RE *
将更多日志放入规则的正确语法是什么?
答案1
我尝试使用相同的语法,在启动 fail2ban 时没有出现任何错误。请在 jail.conf 中尝试此操作,如果仍然不起作用,您可以轻松地将规则拆分为多个,并使用单个日志路径,例如:
[apache-w00tw00t-1]
enabled = true
filter = apache-w00tw00t
action = iptables-allports
logpath = /var/log/apache*/*error.log
maxretry = 1
[apache-w00tw00t-2]
enabled = true
filter = apache-w00tw00t
action = iptables-allports
logpath = /var/www/vhosts/site1.com/log/errorlog
maxretry = 1
ETC。
这最终应该可以工作:
[apache-w00tw00t]
enabled = true
filter = apache-w00tw00t
action = iptables-allports
logpath = /var/www/vhosts/site1.com/log/errorlog
/var/log/apache*/*error.log
/var/www/vhosts/site1.com/subdom/log/errorlog
/var/www/vhosts/site3/log/errorlog
/var/www/vhosts/site4/log/errorlog
maxretry = 1
您可以咨询http://centoshelp.org/security/fail2ban/了解详情。