35 lines
912 B
Plaintext
35 lines
912 B
Plaintext
# Fail2Ban filter for ZNC (requires adminlog module)
|
|
#
|
|
# to use this module, enable the adminlog module from within ZNC and point
|
|
# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log).
|
|
|
|
[DEFAULT]
|
|
|
|
logtype = file
|
|
|
|
[Definition]
|
|
|
|
_daemon = znc
|
|
|
|
# Prefix for different logtype (file, journal):
|
|
#
|
|
__prefix_file = (?:\[\]\s+)?
|
|
__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+
|
|
__prefix_journal = %(__prefix_short)s
|
|
|
|
__prefix_line = <__prefix_<logtype>>
|
|
|
|
failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from <ADDR>
|
|
|
|
ignoreregex =
|
|
|
|
journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc
|
|
|
|
# DEV Notes:
|
|
# Log format is: [<DATE+TIME>] [<USERNAME>] <ACTION> from <ADDR>
|
|
# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
|
|
# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4
|
|
# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4
|
|
#
|
|
# Author: Tobias Girstmair (//gir.st/)
|