hello,

running fail2ban version 0.9.3 on ubuntu

it appears the default action script is iptables-multiport

I want to learn how to add a comment when banning an ip, and have that
comment include data / information from the log file f2b is monitoring,

for example, in a log file made by mail / courier / imap, it contains this
line:

   imapd: LOGIN FAILED, user=cowseig...@domain.com, ip=[::ffff:183.157.169.196]

so I created a file in /etc/fail2ban/action.d
named iptables-multiport.local

and pasted this information (found in the FAQ section of f2b user guide
website).


actionban = lgm=$(printf '%%.1000s\n...' "<matches>"); <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype> "comment=$lgm" --comment "$lgm"

then I restarted f2b:

   systemctl restart fail2ban

journalctl -ru fail2ban showed it restarted without errors


how can I check if this is working? will it be written in the iptables, or
will it be written in the fail2ban log, or will it be written in
/var/log/ufw.log  ?

after I find out where I can see the results, I will probably need to come
back and learn how to capture information from the source log so the
comments make sense

thank you
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
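
An added example, not part of the original post and not fail2ban's own code: iptables stores a rule comment with the rule itself, so it is read back from the chain listing, and the sketch below builds a short comment from the log line quoted above and pulls comments out of `iptables -S` style output. The function names, the jail name `courier` and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# The comment match stores at most 256 bytes including the terminator: keep 255.
MAX_COMMENT=255

# Constructed samples: the log line from the post and made-up chain output.
SAMPLE_LINE='imapd: LOGIN FAILED, user=cowseig...@domain.com, ip=[::ffff:183.157.169.196]'
SAMPLE_RULES='-N f2b-courier
-A f2b-courier -s 183.157.169.196/32 -m comment --comment "imap-login-failed user=cowseig...@domain.com ip=183.157.169.196" -j REJECT --reject-with icmp-port-unreachable
-A f2b-courier -j RETURN'

# Build a comment from one courier-imap "LOGIN FAILED" line (hypothetical helper).
f2b_comment() {
    line=$1
    # user=... runs up to the next comma; ip=[...] is bracketed.
    user=$(printf '%s\n' "$line" | sed -n 's/.*user=\([^,]*\),.*/\1/p')
    ip=$(printf '%s\n' "$line" | sed -n 's/.*ip=\[\([^]]*\)].*/\1/p')
    # Drop the IPv4-mapped prefix so the comment shows the plain address.
    ip=${ip#::ffff:}
    # The user name is chosen by the remote client, so keep only a
    # conservative character set before it reaches a shell command line.
    comment=$(printf 'imap-login-failed user=%s ip=%s' "$user" "$ip" |
        LC_ALL=C tr -cd 'A-Za-z0-9@._:= -')
    # Truncate to what the comment match can hold.
    printf '%s' "$comment" | cut -c1-"$MAX_COMMENT"
}

# Read rule text on stdin (as printed by `iptables -S f2b-<name>`) and
# print the comment of every rule that has one (hypothetical helper).
rule_comments() {
    sed -n 's/.*--comment "\([^"]*\)".*/\1/p'
}

# Demo on the constructed samples; on a live host use:
#   iptables -S f2b-<name> | rule_comments
f2b_comment "$SAMPLE_LINE"
printf '%s\n' "$SAMPLE_RULES" | rule_comments
```
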