fail2ban
fail2ban copied to clipboard
Add excludepath config option
Add a new jail option "excludepath". Files that match any logpath pattern and also any excludepath pattern are ignored. We were looking for a way to exclude certain webserver logs. The "create a new directory with a bunch of symlinks" solution doesn't work well for us. We'd much rather have a blacklist than a whitelist.
[my-jail]
enabled = true
...
logpath = /var/log/nginx/*-access.log
excludepath = /var/log/nginx/api*
The PR does not break compatibility; only the client's jail reader is affected.
Mentioning #796 because it shows up on Google when searching "fail2ban exclude logfiles".
Codecov Report
Merging #1756 into 0.10 will decrease coverage by
0.6%
. The diff coverage is91.66%
.
@@ Coverage Diff @@
## 0.10 #1756 +/- ##
==========================================
- Coverage 95.49% 94.89% -0.61%
==========================================
Files 76 77 +1
Lines 13063 12000 -1063
Branches 2082 1871 -211
==========================================
- Hits 12475 11387 -1088
- Misses 318 345 +27
+ Partials 270 268 -2
Impacted Files | Coverage Δ | |
---|---|---|
fail2ban/tests/clientreadertestcase.py | 97.11% <100%> (-0.62%) |
:arrow_down: |
fail2ban/client/jailreader.py | 93.14% <88.88%> (-0.78%) |
:arrow_down: |
fail2ban/server/asyncserver.py | 87.8% <0%> (-10.82%) |
:arrow_down: |
fail2ban/server/filterpyinotify.py | 85.58% <0%> (-10.66%) |
:arrow_down: |
fail2ban/client/configparserinc.py | 90.9% <0%> (-4.15%) |
:arrow_down: |
fail2ban/server/failregex.py | 87.5% <0%> (-3.97%) |
:arrow_down: |
fail2ban/client/csocket.py | 97.61% <0%> (-2.39%) |
:arrow_down: |
fail2ban/server/strptime.py | 94.53% <0%> (-1.84%) |
:arrow_down: |
fail2ban/server/filterpoll.py | 83.95% <0%> (-1.77%) |
:arrow_down: |
fail2ban/tests/banmanagertestcase.py | 98.29% <0%> (-1.71%) |
:arrow_down: |
... and 40 more |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 8069eef...d6d9d6e. Read the comment docs.
Coverage decreased (-0.02%) to 97.125% when pulling 6e8b1a5e548fdb7db7f66ca68a7a57f4768e77d1 on classmarkets:excludepath into 36814c4274a27718530f68b0dc8b7485f49dfbc5 on fail2ban:0.10.
I've planned a redesign of the log-file handling (in #1379), so the whole logic round about wildcards should be moved to the server/jail-backend (allows dynamically "filtering" during the runtime, and not as now by the start only). But I'll take a look here later to see how it can be useful together with planned arrangements. At least as interim solution it would be good. Thanks!
and not as now by the start only
Does that imply that newly created files are not picked up by fail2ban unless it is restarted?
I guess it can't pick up new files, since the server never sees the globs. That didn't occur to me yet. Quite unexpected I must say.
Coverage decreased (-0.02%) to 97.117% when pulling d6d9d6e5b785e3048555c7e00837054c4d2ad65e on classmarkets:excludepath into 17922b621c2d8dc99120470647ece16c56f298d8 on fail2ban:0.10.
Quite unexpected I must say.
You're right, that's why I want to "fix" it.