/etc/fail2ban/filter.d/jail.local:[owncloud]enabled = truefilter = ownc

1. /etc/fail2ban/filter.d/jail.local:
2.  
3. [owncloud]
4. enabled = true
5. filter = owncloud
6. port = https
7. logpath = /var/www/owncloud/data/owncloud.log
8.  
9. /etc/fail2ban/filter.d/owncloud.conf:
10.  
11. [Definition]
12. failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
13.  
14. ignoreregex =
15.  
16. /var/www/owncloud/data/owncloud.log:
17.  
18. {"reqId":"824ff389f8cbbe1a38a56df1bf08e0d7","remoteAddr":"192.168.0.1","app":"core","message":"Login failed: 'test' (Remote IP: '192.168.0.1', X-Forwarded-For: '')","level":2,"time":"2015-05-23T19:09:50+00:00"}
19.  
20. fail2ban-regex /var/www/owncloud/data/owncloud.log /etc/fail2ban/filter.d/owncloud.conf -v:
21.  
22. Running tests
23. =============
24.  
25. Use failregex file : /etc/fail2ban/filter.d/owncloud.conf
26. Use log file : /var/www/owncloud/data/owncloud.log
27.  
28.  
29. Results
30. =======
31.  
32. Failregex: 28 total
33. |- #) [# of hits] regular expression
34. | 1) [28] {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
35. | 192.168.0.1 Sat May 23 20:09:50 2015
36. | 192.168.0.1 Sat May 23 20:30:31 2015
37. | 192.168.0.1 Sat May 23 20:30:33 2015
38. | 192.168.0.1 Sat May 23 20:30:35 2015
39. | 192.168.0.1 Sat May 23 20:30:37 2015
40. | 192.168.0.1 Sat May 23 20:30:39 2015
41. | 192.168.0.1 Sat May 23 20:42:20 2015
42. | 192.168.0.1 Sat May 23 20:42:22 2015
43. | 192.168.0.1 Sat May 23 20:42:24 2015
44. | 192.168.0.1 Sat May 23 20:42:26 2015
45. | 192.168.0.1 Sat May 23 20:42:28 2015
46. | 192.168.0.1 Sat May 23 20:42:31 2015
47. | 192.168.0.1 Sat May 23 20:42:32 2015
48. | 192.168.0.1 Sat May 23 20:42:35 2015
49. | 192.168.0.1 Sun May 24 00:13:26 2015
50. | 192.168.0.1 Sun May 24 00:13:29 2015
51. | 192.168.0.1 Sun May 24 00:13:31 2015
52. | 192.168.0.1 Sun May 24 00:13:33 2015
53. | 192.168.0.1 Sun May 24 00:20:49 2015
54. | 192.168.0.1 Sun May 24 00:20:51 2015
55. | 192.168.0.1 Sun May 24 00:20:59 2015
56. | 192.168.0.1 Sun May 24 00:21:04 2015
57. | 192.168.0.1 Sun May 24 00:27:52 2015
58. | 192.168.0.1 Sun May 24 00:27:54 2015
59. | 192.168.0.1 Sun May 24 00:27:56 2015
60. | 192.168.0.1 Sun May 24 00:27:58 2015
61. | 192.168.0.1 Sun May 24 00:28:00 2015
62. | 192.168.0.1 Sun May 24 00:28:01 2015
63. `-
64.  
65. Ignoreregex: 0 total
66.  
67. Date template hits:
68. |- [# of hits] date format
69. | [777] ISO 8601
70. | [0] WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year
71. | [0] WEEKDAY MONTH Day Hour:Minute:Second Year
72. | [0] WEEKDAY MONTH Day Hour:Minute:Second
73. | [0] MONTH Day Hour:Minute:Second
74. | [0] Year/Month/Day Hour:Minute:Second
75. | [0] Day/Month/Year Hour:Minute:Second
76. | [0] Day/Month/Year2 Hour:Minute:Second
77. | [0] Day/MONTH/Year:Hour:Minute:Second
78. | [0] Month/Day/Year:Hour:Minute:Second
79. | [0] Year-Month-Day Hour:Minute:Second[,subsecond]
80. | [0] Year-Month-Day Hour:Minute:Second
81. | [0] Year.Month.Day Hour:Minute:Second
82. | [0] Day-MONTH-Year Hour:Minute:Second[.Millisecond]
83. | [0] Day-Month-Year Hour:Minute:Second
84. | [0] Month-Day-Year Hour:Minute:Second[.Millisecond]
85. | [0] TAI64N
86. | [0] Epoch
87. | [0] Hour:Minute:Second
88. | [0] <Month/Day/Year@Hour:Minute:Second>
89. | [0] YearMonthDay Hour:Minute:Second
90. | [0] Month-Day-Year Hour:Minute:Second
91. `-
92.  
93. Lines: 777 lines, 0 ignored, 28 matched, 749 missed
94. Missed line(s): too many to print. Use --print-all-missed to print all 749 lines