Tom,
I am also using Fail2Ban.
I created my own jail for JNOS and it works great.
That is also why I needed to change the JNOS log file name to something static. That way I could avoid having to reload/restart Fail2Ban every morning at midnight to look for a new log.
If you need the jail regex I created for JNOS (assuming you're using JNOS), contact me off-list (kg6baj@n1oes.org) and I can email it to you.
Bill KG6BAJ
At 09:13 AM 09/29/14, you wrote:
I do this with a program called fail2ban. You configure it to watch log files for authentication failures or other suspicious activity. It then blocks the suspicious source IP in iptables for the configured period of time. When the time expires, the IP is unbanned, so false positives or new users of an IP address aren't adversely affected.
I get many bans per day and don't put much energy into monitoring or reporting them.
Tom KD7LXL