Fail2ban - sendmail-whois-lines.conf Question

Discussion in 'Server Operation' started by PK232, Aug 16, 2022.

  1. PK232

    PK232 New Member

    Is it possible to configure the sendmail-whois-lines.conf file with a regex filter or other means so that a matching line in the auth.log is not included as one of the relevant lines sent via email?
  2. PK232

    PK232 New Member

    I never found an answer to my question, but I did find a solution after much searching with a variety of search terms.
    I created the file /etc/rsyslog.d/authlocal.conf and placed two lines in it that are similar to these.

    if $msg contains 'unique line content' then /var/log/new.log
    if $msg contains 'unique line content' then ~

    It puts the line destined for auth.log that I did not want forwarded via email or sent to in a separate file, and then discards it so it is not placed in auth.log where fail2ban can use it.

    Hopefully this will save someone who wants to accomplish something similar a lot of time.

    As they say, “Google is your friend” -- if you search long enough :)
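
The same two-rule filter from the post above, written as one block in current rsyslog syntax. This is an added example, not part of the original post: rsyslog v7 and later flag the `~` discard action as deprecated in favor of `stop`. The file name and the 'unique line content' placeholder are taken from the post.

```conf
# /etc/rsyslog.d/authlocal.conf  (file name as given in the post)
# 'unique line content' is the post's placeholder; replace it with the real substring.
if $msg contains 'unique line content' then {
    # Keep a copy in a separate file so the event remains available for review.
    action(type="omfile" file="/var/log/new.log")
    # Stop processing this message: no later rule, including the one that
    # writes auth.log, will see it.
    stop
}
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog, and make sure this file is evaluated before the rule that writes auth.log. Any line matched here never reaches fail2ban, so it can neither appear in the email nor count toward a ban.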

