Hi
I also use GLPI at work and I just wrote the filter.
Could you test ?
fail2ban-regex /opt/glpi/files/_log/event.log /etc/fail2ban/filter.d/glpi.conf
Add glpi.conf to /etc/fail2ban/filter.d
Code
# Fail2Ban filter for glpi
#
[Definition]
failregex = ^(\[login\]).*?(Failed login for).*?(IP).<HOST>.*?
ignoreregex =
# DEV Notes:
#
# pattern : [login] 1: Failed login for user1 from IP ::ffff:70.33.11.00 2016-07-02 21:35:44 [@server]
#
# Author: Julien DARY
Alles anzeigen
Add to jail.conf