On Mon, 11 May 2009 15:56:45 -0400 Lou Duchez lou@paprikash.com wrote:
Hi,
Is there any way to disable the "dovecot: " at the beginning of each line of the log? Fail2Ban responds poorly to it. I know there are a number of sites with "failregex" strings for Fail2Ban and Dovecot, but I've tried them all, and they don't work, at least with the latest Fail2ban and the latest Dovecot. The Fail2Ban wiki is pretty clear about why there will be a problem:
"In order for a log line to match your failregex, it actually has to match in two parts: the beginning of the line has to match a timestamp pattern or regex, and the remainder of the line has to match your failregex.".
So in other words, Fail2Ban expects that each line of the log will start with a timestamp.
Thanks all! Dovecot rocks.
Well, this is not completely true... I have a working fail2ban config using the dovecot log file, not syslog, and it's working fine... I had to change the date format for the log file, but after doing that, the fail2ban works as it should...
BTJ