1

我想为我们的 webapp 实现 fail2ban。问题是我不知道如何处理正则表达式。我们的 nginx 日志看起来像这样

[REM-ADD]:"172.16.2.148" - [REQ-TIME]:"26/Apr/2016:12:05:32 +0530" -[STATUS]:"200" - [CLIENTIP]:"125.19.65.202, 54.239.168.59" - [CONNECTION]:"489" - [CONN-REQ]:"6" - [CONTENT-LEN]:"-" - [REQ-LEN]:"673" - [BODY-BYTE]:"1090" - [USER-AGENT]:"-" - [REQ]:"GET /news/api/v1/app_settings/ HTTP/1.1" - [REQ-BODY]:"-" - 
[REM-ADD]:"172.16.0.100" - [REQ-TIME]:"26/Apr/2016:12:05:35 +0530" -[STATUS]:"200" - [CLIENTIP]:"125.19.65.202, 54.239.168.60" - [CONNECTION]:"513" - [CONN-REQ]:"1" - [CONTENT-LEN]:"-" - [REQ-LEN]:"673" - [BODY-BYTE]:"1090" - [USER-AGENT]:"-" - [REQ]:"GET /news/api/v1/app_settings/ HTTP/1.1" - [REQ-BODY]:"

现在fail2ban docs说例如nginx-noscript.conf

[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\scgi)
ignoreregex =

基本上我想问如何为我的自定义 nginx 日志格式化正则表达式。我尝试了一些正则表达式,但它不起作用并且也不会引发任何错误。

4

1 回答 1

0

指定与 Apache 的组合格式兼容的日志格式

log_format main '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"' ;

会更容易处理

于 2016-04-26T07:15:47.460 回答