[Samba] samba and fail2ban

John Doe jdmls at yahoo.com
Tue Mar 29 03:29:34 MDT 2011

From: Hajo Locke <hajo.locke at gmx.de>

> > to stop bruteforce logins to samba i want to  create a fail2ban-rule which 
>blocks IPs with to many login-errors.
> >  unfortunately used logins and IPs in samba log are scattered to multiple 
>lines  so  i cant find a relation.
> > i use samba for wan and cant reduce to  internal IPs.
> > What ist best in my case to get better logs or stop  abusing?
> nobody has an idea? is there no possibility to get logs which  show which ip is 
>doing too much false logins?

Maybe have a script running in the background, parsing samba log file to create 
and alternative log file with all related info on the same line for fail2ban...?


More information about the samba mailing list