[horde] Logfile - disable hostname lookups
Markus Winkler
ml at irmawi.de
Sat Mar 19 10:37:36 UTC 2022
Hi,
my Horde setup has:
$conf['log']['enabled'] = true;
$conf['log']['name'] = '/var/log/horde.log';
I would like to check /var/log/horde.log with fail2ban for entries like this:
2022-03-19T08:52:50+01:00 NOTICE: HORDE Guest user is not authorized for
Horde (Host: hostglobal50env1.com). ...
This works fine so far, fail2ban detects these entries. But: as you can see
for 'Host' it resolves the corresponding IP address (as seen by the web
server, I assume; and btw: in the Apache config I have 'HostnameLookups Off'):
$ host 109.237.103.9
9.103.237.109.in-addr.arpa domain name pointer hostglobal50env1.com.
and writes this hostname to the log file. But in most cases there's no
forward resolution for these hostnames, like in this example:
$ host hostglobal50env1.com
Host hostglobal50env1.com not found: 3(NXDOMAIN)
And so fail2ban cannot create an entry for the iptables chain.
Long story short: is it possible to disable hostname lookups so Horde only
logs the ip address?
Thanks and best regards,
Markus
More information about the horde
mailing list