Skip to content

Custom Integrations

Jump to bottom
Jeff Johnson edited this page Jul 17, 2023 · 18 revisions

You can log to a known custom log format from any system to initiate failed login attempts which will be processed by ipban.

Here is the log entry and format for Linux:

Custom log entries, Linux
For custom logs, write this type of line and ipban will add a failed login:
2020-01-01T01:01:01Z, ipban failed login: 10.10.10.10, source: ApplicationName, user: FailedUserName

<LogFile>

	<Source>IPBanCustom</Source>
	<PathAndMask>/var/log/ipbancustom*.log</PathAndMask>
	<FailedLoginRegex>
	  <![CDATA[
		(?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
	  ]]>
	</FailedLoginRegex>
	<SuccessfulLoginRegex>
	  <![CDATA[
		(?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
	  ]]>
	</SuccessfulLoginRegex>
	<PlatformRegex>Linux</PlatformRegex>
	<PingInterval>10000</PingInterval>
	<MaxFileSize>16777216</MaxFileSize>
	<FailedLoginThreshold>0</FailedLoginThreshold>

</LogFile>

The entry for Windows...

Custom log entries, Windows
Write log files to C:/IPBanCustomLogs/*.log and write this type of line to the log and ipban will add a failed login:
2020-01-01T01:01:01Z, ipban failed login, ip address: 10.10.10.10, source: ApplicationName, user: FailedUserName

<LogFile>

	<Source>IPBanCustom</Source>
	<PathAndMask>C:/IPBanCustomLogs/**/*.log</PathAndMask>
	<FailedLoginRegex>
	  <![CDATA[
		  (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
	  ]]>
	</FailedLoginRegex>
	<!-- For a regex with NotifyOnly, this will be a successful login and handled differently (IPBAN PRO only) -->
	<SuccessfulLoginRegex>
	  <![CDATA[
		  (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
	  ]]>
	</SuccessfulLoginRegex>
	<PlatformRegex>Windows</PlatformRegex>
	<PingInterval>10000</PingInterval>
	<MaxFileSize>16777216</MaxFileSize>
	<FailedLoginThreshold>0</FailedLoginThreshold>

</LogFile>

IPBan (c) 2012-Present Digital Ruby, LLC - https://ipban.com

Clone this wiki locally