Brief history, had fail2ban working for a number of years, but new server, new apache and problems. Note, its working for other services, ftp, ssh etc but apache is proving stubborn.
The extract from my error log is:
Code:
[Mon Mar 24 18:29:45.307161 2014] [auth_basic:error] [pid 25683:tid 139705060378368] [client 212.159.xxx.yyy:51592] AH01618: user not found: /members/index2.htm
Previous server/apache would have shown:
Code:
[Mon Mar 24 17:17:44 2014] [error] [client 212.159.xxx.yyy] user not found: /members/index.htm
fail2ban simply doesnt pick anything up, I've tried running:
Code:
fail2ban-regex /var/logfilelocation "[[]client <HOST>[]] user .* not found"
and it doesnt pick anything up, this is straight from the apache-auth.conf file
Note, when I copy the old style log and run the same test, it picks up ok, so I'm guessing I need a modified search string, any help?