Fail2ban logs not showing up

Hi,
Bit confused as to how to use the fail2ban content pack, very new to Graylog.

I've watched videos and read the help files on the Graylog website, but can't find the right info I need to understand how to set this up correctly. But the content does not help.

I've installed it all OK, and I've added

[Definition]
logtarget = SYSLOG
to jail.local to direct the logs to the syslog for collection, as directed in another post.

I have added the following to /etc/rsyslog.conf

*.* @:1514;RSYSLOG_SyslogProtocol23Format
*.* @@:1514;RSYSLOG_SyslogProtocol23Format

And TCP and UDP messages are present when checking "Show received messages".

Firewall set up OK, SELinux temporarily in permissive mode.

I'm doing something wrong, but don't know what. I also don't know how to use the grok_patterns in the entity list.

Can someone point me in the correct direction? The current version being used is Graylog 4.0.

Thanks, Ollie
