Custom Integrations

You can log to a known custom log format from any system to initiate failed login attempts which will be processed by ipban. Here is the log entry and format for Linux:

<Source>IPBanCustom</Source>
<PathAndMask>/var/log/ipbancustom*.log</PathAndMask>
<FailedLoginRegex>
  <![CDATA[
	(?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
  ]]>
</FailedLoginRegex>
<SuccessfulLoginRegex>
  <![CDATA[
	(?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
  ]]>
</SuccessfulLoginRegex>
<PlatformRegex>Linux</PlatformRegex>
<PingInterval>10000</PingInterval>
<MaxFileSize>16777216</MaxFileSize>
<FailedLoginThreshold>0</FailedLoginThreshold>

The entry for Windows:

<Source>IPBanCustom</Source>
<PathAndMask>C:/IPBanCustomLogs/**/*.log</PathAndMask>
<FailedLoginRegex>
  <![CDATA[
	  (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?(?<log>ipban\sfailed\slogin),\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
  ]]>
</FailedLoginRegex>
<!-- For a regex with NotifyOnly, this will be a successful login and handled differently (IPBAN PRO only) -->
<SuccessfulLoginRegex>
  <![CDATA[
	  (?<timestamp>\d\d\d\d-\d\d-\d\d\s\d\d:\d\d:\d\d(?:\.\d+)?Z?)?(?:,\s)?ipban\ssuccess\slogin,\sip\saddress:\s(?<ipaddress>[^,\n]+),\ssource:\s(?<source>[^,\n]+)?,\suser:\s(?<username>[^\s,]+)?
  ]]>
</SuccessfulLoginRegex>
<PlatformRegex>Windows</PlatformRegex>
<PingInterval>10000</PingInterval>
<MaxFileSize>16777216</MaxFileSize>
<FailedLoginThreshold>0</FailedLoginThreshold>