[RFE]: Postgresql backend filter #3864
Labels
Comments
|
There is indeed no backend at the moment that would achieve this. However, just for the info, one could use proactive a client (or pickle-protocol) to notify fail2ban about failures, if service has a callback for failed authentication: fail2ban-client set <JAIL> attempt <IP> [<failure1> ... <failureN>]Also somewhere was a PoC implementing new command-backend (pipe), read log-data from a stream... backend = pipe[command='mysql ... -srN -e "select time, lid, ip, msg from log where id > <lastid>"', init-lastid=0, lastid=F-lid, interval=1s]
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
prefregex = ^\t*<F-lid>\d+</F-lid>\t<ADDR>\t<F-CONTENT>.+</F-CONTENT>$I will come back to this again later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature request type
Until now fail2ban can only read the journal and classic log files.
But some systems logs the fail's into it's own databases.
Description
It would be very helpful if the jail filters could also be searched in SQL databases. This would solve the problem that some applications only log unauthorised access in internal SQL databases. I could imagine that a general database framework could be used to which the queries and the configuration are then transferred. The usual filter part would then contain the SQL query for the ban request, which then returns the IP and the timestamp as usual.
Considered alternatives
Not really possible if the data is only available in SQL databases.
Any additional information
The rolling file problem would also solve by this, when the provided data is stored in an SQL database.
The text was updated successfully, but these errors were encountered: