web_php.log & Fail2Ban -Solved- NEW REGEX -

Discussions related to the 1.36.x series of ZoneMinder
Pedulla
Posts: 167
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

web_php.log & Fail2Ban -Solved- NEW REGEX -

Post by Pedulla »

In 1.34, fail2ban worked by monitoring /var/log/zm/web_php.log.

In 1.36, this log does not exist.

Is this a change in ZM or a config in PHP?

From scratch install running php7.4, UB20.04 & NGINX on both...
Last edited by Pedulla on Wed Sep 08, 2021 11:39 pm, edited 2 times in total.
bbunge
Posts: 2931
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: web_php.log & Fail2Ban

Post by bbunge »

/var/log/zm/web_php.log does exist.
Ubuntu 20.04, MariaDB, Apache2 & PHP 7.4

Sorry, but my NGINX ZM server was destroyed by the guy that replaced me at the warehouse. If I get a chance in the next few days I'll set up a test machine to check this out.
Pedulla
Posts: 167
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

Re: web_php.log & Fail2Ban

Post by Pedulla »

Okay, two systems, two results.
I upgraded a 1.34 server to 1.36 and web_php.log is there.
The initial system (which prompted this post) was a from-scratch build and it's not there...

I'll repeat the experiment on some VMs... stand by....
bbunge
Posts: 2931
Joined: Mon Mar 26, 2012 11:40 am
Location: Pennsylvania

Re: web_php.log & Fail2Ban

Post by bbunge »

Just did a 20.04 LEMP from a basic mini.iso "bare" install. Used the WIKI procedure for LEMP 1.34 but used 1.36. /var/log/zm/web_php.log is there.
Suspect that using a VM could be an issue. I almost never use a VM to run ZoneMinder unless it is for testing and that is very rare.
Pedulla
Posts: 167
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

Re: web_php.log & Fail2Ban

Post by Pedulla »

!!Solution!!

Need to have LOG_LEVEL_FILE set to at least Error in Options.Logging.

This makes total sense when you think about it... :oops:
Pedulla
Posts: 167
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

Re: web_php.log & Fail2Ban -Solved-

Post by Pedulla »

!!Update to fail2ban regex!!

The regex for zoneminder needs to read:

Code:

failregex = ^\s*web_php\[\d+\]\.ERR \[<HOST>\].*includes/auth.php
datepattern = ^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)

This gets both no user AND failed password.
Must have been a change somewhere along the way.
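
An added example, not part of the original post and not ZoneMinder's or fail2ban's own code: a Python check of the filter posted above against constructed log lines. It mimics fail2ban cutting the matched timestamp out of a line before trying the failregex, and it assumes simplified stand-ins for the `<HOST>` tag and the date tokens; `offending_host`, `HOST_GROUP`, `DATE_TOKENS` and the sample lines are hypothetical.

```python
import ipaddress
import re

# Filter lines as posted above; "%%" in a .conf file is an escaped "%".
FAILREGEX = r"^\s*web_php\[\d+\]\.ERR \[<HOST>\].*includes/auth.php"
DATEPATTERN = r"^%%m/%%d/%%y %%H:%%M:%%S(?:\.%%f)"

# Assumption: simplified stand-ins for fail2ban's <HOST> tag and date tokens.
HOST_GROUP = r"(?P<host>[0-9A-Fa-f:.]+)"
DATE_TOKENS = {"%m": r"\d\d", "%d": r"\d\d", "%y": r"\d\d",
               "%H": r"\d\d", "%M": r"\d\d", "%S": r"\d\d", "%f": r"\d+"}

date_src = DATEPATTERN.replace("%%", "%")
for token, rx in DATE_TOKENS.items():
    date_src = date_src.replace(token, rx)
DATE_RX = re.compile(date_src)
FAIL_RX = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))


def offending_host(line):
    """Return the address this filter would report for a line, else None."""
    stamp = DATE_RX.search(line)
    if stamp is None:
        return None  # this sketch skips lines with no recognised timestamp
    # The timestamp is cut out before the failregex runs, which is why the
    # failregex begins with ^\s* and not with a date.
    rest = line[:stamp.start()] + line[stamp.end():]
    hit = FAIL_RX.search(rest)
    if hit is None:
        return None
    try:
        return str(ipaddress.ip_address(hit.group("host")))
    except ValueError:
        return None  # bracketed text was not a valid IP address


# Constructed sample lines, shaped only to fit the two patterns above.
SAMPLE = [
    "09/08/21 23:31:02.120394 web_php[2211].ERR [203.0.113.7] [constructed: unknown user] at includes/auth.php line 1",
    "09/08/21 23:31:09.004512 web_php[2211].ERR [2001:db8::5] [constructed: bad password] at includes/auth.php line 2",
    "09/08/21 23:32:40.771003 web_php[2214].ERR [203.0.113.7] [constructed: query failed] at includes/database.php line 3",
    "09/08/21 23:33:15.300118 web_php[2214].WAR [203.0.113.7] [constructed: warning] at includes/auth.php line 4",
    "09/08/21 23:34:00 web_php[2215].ERR [203.0.113.7] [constructed: no fraction] at includes/auth.php line 5",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(offending_host(sample_line), "<-", sample_line[:60])
```

The last sample has no fractional seconds, so the datepattern as written does not recognise its timestamp. Against a real log, `fail2ban-regex` with the log path and the filter file gives the authoritative result.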
iconnor
Posts: 2893
Joined: Fri Oct 29, 2010 1:43 am
Location: Toronto

Re: web_php.log & Fail2Ban -Solved- NEW REGEX -

Post by iconnor »

I have included this in the ZM distro under misc/fail2ban.rules