Hello,
I am currently working on a fail2ban contrib. I would need some example intrusion logs in order to make some regex rules. Please send them to tests _at_ pialasse -dot- com.
You can look for the intrusions in these files:
- ftp : /var/log/ftp/ or /var/log/proftp
- imaps : /var/log/imaps/current
- pops : /var/log/pops/current
- imap : /var/log/imap/current
- pop : /var/log/pop/current
- qpsmtpd : /var/log/sqpsmtpd/current
- webmail : /var/log/httpd/error_log
- server manager : /var/log/httpd/error_log
I currently have some rules working for apache and php url open, as well as sshd (but denyhosts does it better).
I was also planning to make an esmith db in order to store banned IPs during fail2ban restart.