Is it possible to configure the sendmail-whois-lines.conf file with a regex filter or other means so that a matching line in the auth.log is not included as one of relevant lines sent via email?
I never found an answer to my question, but I did find a solution after much searching with a variety of search terms. I created the file /etc/rsyslog.d/authlocal.conf and placed two lines in it that are similar to these. if $msg contains 'unique line content' then /var/log/new.log if $msg contains 'unique line content' then ~ It puts the line destined for auth.log that I did not want forwarded via email or sent to blocklist.de in a separate file, and then discards it so it is not placed in auth.log where fail2ban can use it. Hopefully this will save someone who wants to accomplish something similar a lot of time. As they say, “Google is your friend” -- if you search long enough
