我想为我们的webapp实现fail2ban。问题是我不知道如何处理正则表达式。 我们的nginx日志看起来像这样
[REM-ADD]:"172.16.2.148" - [REQ-TIME]:"26/Apr/2016:12:05:32 +0530" -[STATUS]:"200" - [CLIENTIP]:"125.19.65.202, 54.239.168.59" - [CONNECTION]:"489" - [CONN-REQ]:"6" - [CONTENT-LEN]:"-" - [REQ-LEN]:"673" - [BODY-BYTE]:"1090" - [USER-AGENT]:"-" - [REQ]:"GET /news/api/v1/app_settings/ HTTP/1.1" - [REQ-BODY]:"-" -
[REM-ADD]:"172.16.0.100" - [REQ-TIME]:"26/Apr/2016:12:05:35 +0530" -[STATUS]:"200" - [CLIENTIP]:"125.19.65.202, 54.239.168.60" - [CONNECTION]:"513" - [CONN-REQ]:"1" - [CONTENT-LEN]:"-" - [REQ-LEN]:"673" - [BODY-BYTE]:"1090" - [USER-AGENT]:"-" - [REQ]:"GET /news/api/v1/app_settings/ HTTP/1.1" - [REQ-BODY]:"
现在,fail2ban docs例如nginx-noscript.conf
[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\scgi)
ignoreregex =
基本上我想问一下如何为我的自定义nginx日志格式化正则表达式。 我尝试了一些正则表达式,但它起作用并且不会抛出任何错误。
答案 0 :(得分:0)
指定与Apache的组合格式
兼容的日志格式log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' ;
处理
会更容易