fail2ban setup centos 7 not picking auth fail?
Adi Pircalabu
adi at ddns.com.au
Fri May 22 09:01:00 EEST 2020
On 22-05-2020 15:45, Voytek Eymont wrote:
> On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
>> On 22-05-2020 10:38, Voytek Eymont wrote:
>
>>
>> Hardly a Dovecot issue. Can you please post the output of this
>> command?
>> /usr/bin/fail2ban-regex /var/log/dovecot.log
>> /etc/fail2ban/filter.d/dovecot.conf
>
>
> Adi,
>
> thanks, what I get is:
>
[...]
>
> Results
> =======
>
> Failregex: 5149 total
[...]
>
> Lines: 338975 lines, 0 ignored, 5149 matched, 333826 missed
> [processed in 87.44 sec]
Right, so it's not a regex problem then, you're getting some matches
there, although you might want to revisit it it the result is not
consistent with your own searches. It might be that Dovecot isn't
logging to systemd' journal, or the regex doesn't match the journal
entries. Try to comment out "journalmatch =
_SYSTEMD_UNIT=dovecot.service" entry in your filter file, restart f2b
and see if there's any change.
P.S. Let's try and keep the replies to the list :)
--
Adi Pircalabu
More information about the dovecot
mailing list