|Subject:||Re: Monit built-in Http log for fail2ban|
|Date:||Thu, 24 May 2012 12:25:20 +0300|
I am sorry for the delay...
I did find some time to take some tests so, I did notice that syslog stopped for some reason logging these failed login attempts after some time, up to a date they were working ok...
I changed the logfile to a custom one that logs the events now.
Anyway, unfortunately since the logging comes in a form of " Warning: Client '127.0.0.1' supplied unknown user" there is no way to make it work. I should disable the proxy pass and the access the service from external ip so I can latter ban it...
the monit logfile is configured with "SET LOGFILE <path|SYSLOG>" … in your case the log goes to syslog, which decides to which file to log the message. Monit's internal webserver is proprietary implementation - it's not mongrel. The failed login attempts are logged with following messages:
Warning: Client 'xyz' supplied unknown user 'cdb' accessing monit httpd
Warning: Client 'xyz' supplied wrong password for user 'abc' accessing monit httpd
On Apr 26, 2012, at 2:54 PM, Alex wrote:
|[Prev in Thread]||Current Thread||[Next in Thread]|