ConfigServer Community Forum

I'm just using the new option for using wildcards in logs as followed:

HTACCESS_LOG = "/var/log/httpd/error_log /var/log/httpd/domains/*.error.log"

Now we have a regexp.custom.pm like this: This makes a log entry in /var/log/httpd/domains/mydomain.nl.error.log like this:
My protection http://www.somedomain.nl banned IP: 84.12.123.123

This won't trigger csf/lfd and the ip won't get banned.

Now when I change the HTACCESS_LOG to CUSTOM1.LOG in the regexp.custom.pm and add to csf.conf:
CUSTOM1_LOG = "/var/log/httpd/domains/mydomain.nl.error.log"
then it's triggered.

Is this a bug or why is it not triggered when using HTACCESS_LOG in the regexp.custom.pm?
I checked when reloading LFD and it says: So what is going wrong when using HTACCESS_LOG in the regexp.custom.pm?

Can it be confirmed if this is a bug or not please?

You should only ever use CUSTOM*_LOG in regex.custom.pm:

You need to specify the log file that needs to be scanned for log line matches in csf.conf under CUSTOMx_LOG

Thank you, that explains it.
Is it possible to define the same logfile in LF_HTACCESS and CUSTOMx_log if needed?

Yes, absolutely. It should not duplicate anything as the logs to be watched are optimised so that they are only watched once.

Edit: Do remember that lfd does have to be restarted if the logs to be scanned in a glob changes and they are only expanded when lfd is restarted.