# Fail2Ban configuration file for guacamole
#
# Author: Steven Hiscocks
#

[Definition]

logging = catalina
failregex = <L_<logging>/failregex>
maxlines = <L_<logging>/maxlines>
datepattern = <L_<logging>/datepattern>

[L_catalina]

failregex = ^.*\nWARNING: Authentication attempt from <HOST> for user "[^"]*" failed\.$

maxlines = 2

datepattern = ^%%b %%d, %%ExY %%I:%%M:%%S %%p
              ^WARNING:()**
              {^LN-BEG}

[L_webapp]

failregex = ^ \[\S+\] WARN  \S+ - Authentication attempt from <HOST> for user "<F-USER>[^"]+</F-USER>" failed.

maxlines = 1

datepattern = ^%%H:%%M:%%S.%%f

# DEV Notes:
#
# failregex is based on the default pattern given in Guacamole documentation :
# https://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging
#
# The following logback.xml Guacamole configuration file can then be used accordingly :
# <configuration>
#   <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
#     <file>/var/log/guacamole.log</file>
#     <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
#       <fileNamePattern>/var/log/guacamole.%d.log.gz</fileNamePattern>
#       <maxHistory>32</maxHistory>
#     </rollingPolicy>
#     <encoder>
#       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
#     </encoder>
#   </appender>
#   <root level="info">
#     <appender-ref ref="FILE" />
#   </root>
# </configuration>