Why not use regexpal or a similar site and develop a corresponding regex. This is not a guacamole problem.
On October 25, 2023 4:05:42 PM GMT+02:00, Piviul <[email protected]> wrote: >Hi all, I have installed guacamole on port 8080 and nginx to have https >access. All seems to work correctly. > >Now I would like to configure fail2ban to check failing logs. Adding to >fail2ban the rule > >failregex = ^.*WARNÂ o\.a\.g\.r\.auth\.AuthenticationService - Authentication >attempt from <HOST> for user "[^"]*" failed\.$ > >permit to fail2ban to find failing logs but only if they are from port 8080. >If they use the nginx https port doesn't > >In effect in the guacamole logs in case of 8080 port failing access the log is: > >13:32:55.059 [http-nio-8080-exec-3] WARN o.a.g.r.auth.AuthenticationService - >Authentication attempt from 192.168.64.90 for user "user" failed. > >But if I use the nginx https port I can find > >13:33:23.598 [http-nio-8080-exec-5] WARN o.a.g.r.auth.AuthenticationService - >Authentication attempt from [192.168.64.90, 127.0.0.1] for user "user" failed. > >Probably fail2ban can check the host when the logged ip is [192.168.64.90, >127.0.0.1] > >Someone can help me to write the failregex rule to have fail2ban correctly get >the ip to ban on failing logs even from nginx https port? > >Piviul > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [email protected] >For additional commands, e-mail: [email protected] >
