Bug? Wildcard log is not triggered by csf?

Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14

Bug? Wildcard log is not triggered by csf?

Post by Black Tiger »

I'm just using the new option for using wildcards in logs as follows:
HTACCESS_LOG = "/var/log/httpd/error_log /var/log/httpd/domains/*.error.log"
Now we have a regex.custom.pm like this:

if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] My protection (.*) banned IP: (\S+)/)) {
    return ("Mytrap triggered",$1,"bottrap",1,"80,443","3600");
}

This makes a log entry in /var/log/httpd/domains/mydomain.nl.error.log like this:
My protection http://www.somedomain.nl banned IP: 84.12.123.123

This won't trigger csf/lfd and the IP won't get banned.

Now when I change the HTACCESS_LOG to CUSTOM1_LOG in the regex.custom.pm and add to csf.conf:
CUSTOM1_LOG = "/var/log/httpd/domains/mydomain.nl.error.log"
then it's triggered.

Is this a bug or why is it not triggered when using HTACCESS_LOG in the regex.custom.pm?
I checked when reloading LFD and it says:

Watching /var/log/httpd/domains/mydomain.nl.error.log...

So what is going wrong when using HTACCESS_LOG in the regex.custom.pm?

Re: Bug? Wildcard log is not triggered by csf?

Post by Black Tiger »

Can it be confirmed if this is a bug or not please?
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Bug? Wildcard log is not triggered by csf?

Post by ForumAdmin »

You should only ever use CUSTOM*_LOG in regex.custom.pm:
You need to specify the log file that needs to be scanned for log line matches in csf.conf under CUSTOMx_LOG.

Re: Bug? Wildcard log is not triggered by csf?

Post by Black Tiger »

Thank you, that explains it.
Is it possible to define the same logfile in LF_HTACCESS and CUSTOMx_LOG if needed?

Re: Bug? Wildcard log is not triggered by csf?

Post by ForumAdmin »

Yes, absolutely. It should not duplicate anything as the logs to be watched are optimised so that they are only watched once.

Edit: Do remember that lfd does have to be restarted if the logs to be scanned in a glob change, and they are only expanded when lfd is restarted.
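
Added example, not part of the thread and not csf's own code: a stand-alone Perl harness around the rule from the first post, run against a constructed log line, comparing `$lgfile` with `HTACCESS_LOG` (the wildcard string) and with `CUSTOM1_LOG` (the explicit path). The `%config` hash, the `$key` parameter and the timestamp in the sample line are assumptions made for the illustration; it shows only Perl's string comparison, not how lfd handles these settings internally.

```perl
#!/usr/bin/perl
# Added example, not csf/lfd code: a stand-alone harness around the rule from
# the first post. %config and the log line are constructed for illustration.
use strict;
use warnings;

# Values as they would be set in csf.conf (paths taken from the thread).
my %config = (
    LF_HTACCESS  => 1,
    HTACCESS_LOG => "/var/log/httpd/error_log /var/log/httpd/domains/*.error.log",
    CUSTOM1_LOG  => "/var/log/httpd/domains/mydomain.nl.error.log",
);

# Same regex and return list as the posted rule. The config key that $lgfile
# is compared with is a parameter (hypothetical) so both variants can be run.
sub custom_line {
    my ($line, $lgfile, $key) = @_;
    if (($lgfile eq $config{$key}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] My protection (.*) banned IP: (\S+)/)) {
        return ("Mytrap triggered", $1, "bottrap", 1, "80,443", "3600");
    }
    return;
}

# Constructed Apache error_log line in the shape the regex expects.
my $line = "[Tue Mar 01 12:00:00 2011] [error] [client 84.12.123.123] "
         . "My protection http://www.somedomain.nl banned IP: 84.12.123.123";

# The single file that lfd reported watching in the first post.
my $lgfile = "/var/log/httpd/domains/mydomain.nl.error.log";

# Run the rule once per config key and report whether it fired.
for my $key (qw(HTACCESS_LOG CUSTOM1_LOG)) {
    my @hit = custom_line($line, $lgfile, $key);
    printf "%-12s => %s\n", $key, @hit ? "match, IP $hit[1]" : "no match";
}
```

A single expanded path is never string-equal to a setting that holds a wildcard or more than one path, so the `HTACCESS_LOG` variant reports no match while the `CUSTOM1_LOG` variant, set to the explicit file, matches.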