Hello, I´m working on my own fail2ban docker implementation for mail, cloud, wordpress.
I have to do my own, because I have a complex scenario with Gateway–>PFsense–>HAProxy etc,but
thats not part of my story here.
I cannot get my failregex from the nginx_mailcow container working.
I have the assumption, that the nginx_mailcow container saves logs differently then others, not mailcow containers.
because only parsing this container logs I get error messages, with others there is no problem at all.
Is it possible for you to quickly give me advice how to parse these logs via failregex or if I should alter the container log files in any way, if possible.
neither failregex I use, I get the following error message
`Running tests
Use failregex line : <HOST> .+"GET \/api\/v1\/get\/passwordpolicy\/html
Use log file : /var/lib/docker/containers/b10a01827d9f67186d7a8904def994b0d950d991a023b4b1c4687577fbe26c1f/b10a01827d9f67186d7a8904def994b0d950d991a023b4b1c4687577fbe26c1f-json.log
Use encoding : UTF-8
Traceback (most recent call last):
File “/usr/bin/fail2ban-regex”, line 34, in <module>
exec_command_line()
File “/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py”, line 836, in exec_command_line
if not fail2banRegex.start(args):
File “/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py”, line 776, in start
self.process(test_lines)
File “/usr/lib/python3.9/site-packages/fail2ban/client/fail2banregex.py”, line 584, in process
line_datetimestripped, ret, is_ignored = self.testRegex(line)
`
Of course I can give more information about the system and environment if needed.
I would very much appriciate your help.
Greetings Thomas