Tom,

I am also using Fail2ban.
I created my own jail for JNOS and it works great.

That is also why I needed to change the JNOS log file name to something
static. That way I could avoid having to reload/restart Fail2ban every
morning at midnight to look for a new log.

If you need the jail regex I created for JNOS (assuming you're using JNOS),
contact me off-list (kg6baj(a)n1oes.org) and I can email it to you.

Bill
KG6BAJ

At 09:13 AM 09/29/14, you wrote:
>I do this with a program called fail2ban. You configure it to watch
>log files for authentication failures or other suspicious activity. It
>then blocks the suspicious source IP in iptables for the configured
>period of time. When the time expires, the IP is unbanned, so false
>positives or new users of an IP address aren't adversely affected.
>
>I get many bans per day and don't put much energy into monitoring or
>reporting them.
>
>Tom KD7LXL