Custom Integrations
Jeff Johnson edited this page Jul 17, 2023 · 18 revisions
Any system can report failed login attempts to ipban by writing lines in a known custom log format; ipban picks up these lines and processes them as failed logins.
Here is the log entry and format for Linux:
Custom log entries, Linux

For custom logs, write this type of line and ipban will add a failed login:

```
2020-01-01T01:01:01Z, ipban failed login, ip address: 10.10.10.10, source: ApplicationName, user: FailedUserName
```

```xml
<LogFile>
  <Source>IPBanCustom</Source>
  <PathAndMask>/var/log/ipbancustom*.log</PathAndMask>
  <FailedLoginRegex>
    <![CDATA[
      (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
    ]]>
  </FailedLoginRegex>
  <SuccessfulLoginRegex>
    <![CDATA[
      (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
    ]]>
  </SuccessfulLoginRegex>
  <PlatformRegex>Linux</PlatformRegex>
  <PingInterval>10000</PingInterval>
  <MaxFileSize>16777216</MaxFileSize>
  <FailedLoginThreshold>0</FailedLoginThreshold>
</LogFile>
```

The entry for Windows...
Custom log entries, Windows

Write log files to C:/IPBanCustomLogs/*.log and write this type of line to the log and ipban will add a failed login:

```
2020-01-01T01:01:01Z, ipban failed login, ip address: 10.10.10.10, source: ApplicationName, user: FailedUserName
```

```xml
<LogFile>
  <Source>IPBanCustom</Source>
  <PathAndMask>C:/IPBanCustomLogs/**/*.log</PathAndMask>
  <FailedLoginRegex>
    <![CDATA[
      (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
    ]]>
  </FailedLoginRegex>
  <!-- For a regex with NotifyOnly, this will be a successful login and handled differently (IPBAN PRO only) -->
  <SuccessfulLoginRegex>
    <![CDATA[
      (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
    ]]>
  </SuccessfulLoginRegex>
  <PlatformRegex>Windows</PlatformRegex>
  <PingInterval>10000</PingInterval>
  <MaxFileSize>16777216</MaxFileSize>
  <FailedLoginThreshold>0</FailedLoginThreshold>
</LogFile>
```

IPBan (c) 2012-Present Digital Ruby, LLC - https://ipban.com
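An application-side writer for the custom log line described above, as an added example that is not part of the original page or the IPBan project. Because the username and source usually come from the login request, it validates the IP address and strips the separators the `FailedLoginRegex` relies on, so each event stays one well-formed line. The function names and the log file name are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# FailedLoginRegex from the page, with .NET (?<name>...) groups rewritten as
# Python (?P<name>...) so an emitted line can be checked locally.
FAILED_LOGIN_RE = re.compile(
    r"(?P<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?"
    r"(?P<log>ipban\sfailed\slogin),\sip\saddress:\s(?P<ipaddress>[^,\n]+),"
    r"\ssource:\s(?P<source>[^,\n]+)?,\suser:\s(?P<username>[^\s,]+)?"
)

def _clean(value, keep_spaces):
    """Drop characters that would end a field early or start a new log line."""
    value = re.sub(r"[,\x00-\x1f\x7f]", "", value)  # commas, CR/LF, controls
    if not keep_spaces:
        value = re.sub(r"\s+", "", value)  # the username group stops at whitespace
    return value.strip()

def format_failed_login(ip, source, user, when=None):
    """Return one custom-format line; raises ValueError if ip is not an IP address."""
    ip = str(ipaddress.ip_address(ip.strip()))
    when = when or datetime.now(timezone.utc)
    # Timestamp written in the form of the page's sample line.
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (f"{stamp}, ipban failed login, ip address: {ip}, "
            f"source: {_clean(source, True)}, user: {_clean(user, False)}")

def report_failed_login(path, ip, source, user):
    """Append the line to a file matched by PathAndMask.

    Example path (assumed name): /var/log/ipbancustom_myapp.log
    """
    line = format_failed_login(ip, source, user)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(line + "\n")
    return line
```

Restrict write access to the log directory to the reporting application, since any process that can append to a file matched by `PathAndMask` can report failed logins for any address.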