# Fail2Ban filter for ZNC (requires adminlog module) # # to use this module, enable the adminlog module from within ZNC and point # logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log). [DEFAULT] logtype = file [Definition] _daemon = znc # Prefix for different logtype (file, journal): # __prefix_file = (?:\[\]\s+)? __prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+ __prefix_journal = %(__prefix_short)s __prefix_line = <__prefix_> failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from ignoreregex = journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc # DEV Notes: # Log format is: [] [] from # [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4 # [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4 # [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4 # # Author: Tobias Girstmair (//gir.st/)