fail2ban + Caddy with JSON logs
Hi! I’m running Caddy and saving access logs to disk in the JSON format. I want to integrate fail2ban to block bots trying /wp-login.php and other known URLs, and I couldn’t find much about how to make fail2ban read Caddy’s logs. This is a hack that I quickly came up with, barely tested, but I managed to make it work: /etc/fail2ban/filter.d/caddy-forbidden.local: [Definition] failregex = "client_ip":"<HOST>"(.*)"status":403 datepattern = "ts":<DATE>\. ignoreregex = Append to /etc/fail2ban/jail.local: ...