fail2ban(-regex) not recognizing proftpd logs

Discussion in 'Server Operation' started by lartis, May 18, 2009.

  1. lartis

    lartis New Member

    hi all,

    i have a redhat el5 vserver and got fail2ban working for ssh without any problems. i wanted to add support for proftpd today.

    the fail2ban-regex test tool doesnt find any matches for the following proftpd.conf:

    log from /var/log/secure with failed logins looks like this:
    "fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/proftpd.conf" gives me:
    any hints would be greatly appreciated,
    thx guys
    Last edited: May 18, 2009
  2. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/fail2ban/jail.local?
  3. lartis

    lartis New Member

    hey thanks for your answer,
    i dont have a jail.local, for now i edited all the confs themselves
  4. lartis

    lartis New Member

    quick update maybe i can help someone:

    i just wrote my own proftpd.conf with my poor regex skills but now theyre recognized properly, maybe too dirty for bigger / more complicated systems

  5. marpada

    marpada New Member

    Thank you very much lartis,

    Also wasted a few hours trying to make the default regex too work but just got a headache :confused:
    Zx14 Vs Hayabusa
    Last edited: May 13, 2011

Share This Page