How to specify multiple log file patterns in a fail2ban jail?

Problem description

vpn_20191007.log
vpn_20191008.log
vpn_20191009.log
vpn_20191010.log
vpn_20191011.log
vpn_20191012.log
vpn_20191013.log
vpn_20191014.log
vpn_20191015.log
vpn_20191016.log

    [application]
    enabled  = false
    filter   = example
    action   = iptables
    logpath  = /var/log/vpn_%D.log
    maxretry = 1

Recommended answer

Well, conditionally it is possible...

Although wildcards are basically allowed at the moment, so:

    logpath  = /var/log/vpn_*.log

will do the job, but it is a bit ugly in your case:

  • fail2ban cumulates the list of files only at start of service, so the list remains as obtained in fail2ban (unless it gets reloaded) - this means you should notify fail2ban that the log file name got changed (see https://github.com/fail2ban/fail2ban/issues/1379, the work is in progress).
  • since only one file will get new messages, the monitoring of other files is unneeded, especially if polling backend is used.

So better create some logrotate rules for that:

  • in order to rename/compress all previous log-files (to avoid match for obsolete files);
  • either create hard- or sym-link for last/active file with a fixed name (so fail2ban is always able to find it with the same name, and you'd not need wildcard at all);
  • or to notify fail2ban to reload the jail if logfile-name got changed
    (fail2ban-client reload vpn).

Here is an example for logrotate amendment:

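    postrotate
        # name of today's log file, e.g. /var/log/vpn_20191016.log
        nfn="/var/log/vpn_$(date +%Y%m%d).log"
        # make sure it exists, then point the fixed name at it
        touch "$nfn"
        ln -fs "$nfn" /var/log/vpn.log
    endscript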
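
The fixed-name link from the answer, generalized in an added example (not part of the original answer): instead of assuming today's file exists, it points `vpn.log` at the newest `vpn_YYYYMMDD.log` actually present and swaps the link with a rename, so the jail can use `logpath = /var/log/vpn.log` without a wildcard. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep DIR/vpn.log pointing at the newest dated VPN log.

# newest_vpn_log DIR: print the newest vpn_YYYYMMDD.log in DIR, or fail.
newest_vpn_log() {
    newest=
    for f in "$1"/vpn_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].log; do
        [ -f "$f" ] || continue   # unmatched glob or not a regular file
        newest=$f                 # globs expand sorted; last match is newest
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# repoint_vpn_link DIR
# Returns 0: link changed, 1: already current, 2: no dated log found,
#         3: DIR/vpn.log is a real file and is left untouched.
repoint_vpn_link() {
    dir=$1
    link=$dir/vpn.log
    target=$(newest_vpn_log "$dir") || return 2
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$target" ]; then
        return 1
    fi
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        return 3
    fi
    # Build the new link beside the old one and rename it into place, so a
    # reader never sees a moment where vpn.log is missing.
    tmp=$link.tmp.$$
    ln -s "$target" "$tmp" && mv -f "$tmp" "$link"
}

# Usage from a logrotate postrotate script or a cron job:
#   repoint_vpn_link /var/log
```
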

09-18 14:59