Edit file File name : oracleims.conf Content :# Fail2Ban configuration file # for Oracle IMS with XML logging # # Author: Joel Snyder/jms@opus1.com/2014-June-01 # # [INCLUDES] # Read common prefixes. # If any customizations available -- read them from # common.local before = common.conf [Definition] # Option: failregex # Notes.: regex to match the password failures messages # in the logfile. The host must be matched by a # group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is # only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # # # CONFIGURATION REQUIREMENTS FOR ORACLE IMS v6 and ABOVE: # # In OPTION.DAT you must have LOG_FORMAT=4 and # bit 5 of LOG_CONNECTION must be set. # # Many of these sub-fields are optional and can be turned on and off # by the system manager. We need the "tr" field # (transport information (present if bit 5 of LOG_CONNECTION is # set and transport information is available)). # "di" should be there by default if you have LOG_FORMAT=4. # Do not use "mi" as this is not included by default. # # Typical line IF YOU ARE USING TAGGING ! ! ! is: # <co ts="2014-06-02T09:45:50.29" pi="123f.3f8.4397" # sc="tcp_local" dr="+" ac="U" # tr="TCP|192.245.12.223|25|151.1.71.144|59762" ap="SMTP" # mi="Bad password" # us="01ko8hqnoif09qx0np@imap.opus1.com" # di="535 5.7.8 Bad username or password (Authentication failed)."/> # Format is generally documented in the PORT_ACCESS mapping # at http://docs.oracle.com/cd/E19563-01/819-4428/bgaur/index.html # # All that would be on one line. # Note that you MUST have LOG_FORMAT=4 for this to work! # failregex = tr="[A-Z]+\|[0-9.]+\|\d+\|<HOST>\|\d+" ap="[^"]*" mi="Bad password" us="[^"]*" di="535 5.7.8 Bad username or password( \(Authentication failed\))?\."/>$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = datepattern = ^<co ts="{DATE}"\s+ Save