I am attempting to integrate Fail2Ban with HAProxy like I do with my existing Nginx proxy.
Here’s a Pastebin to my HAProxy configuration: https://pastebin.com/GWBhJunf
Currently, my logs are outputting like:
Sep 18 06:40:24 localhost haproxy: 10.50.3.8:54171 [18/Sep/2018:06:40:22.712] SSLFrontend~ Unifi/unifi.domain.cloud 0/48/1502 297 -- 1/1/0/0/0 0/0
However, I’d like to get the logging to look like my Nginx logs:
<IP REDACTED> - - [17/Sep/2018:06:26:02 +0000] "GET /api/self/sites HTTP/2.0" 200 486 "https://unifi.domain.cloud/manage/site/default/dashboard" "Mozilla/5. 0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36" <IP REDACTED> - - [18/Sep/2018:06:47:02 +0000] "POST /api/login HTTP/2.0" 400 158 "https://unifi.domain.cloud/manage/account/login?redirect=%2Fmanage" "M ozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/68.0.3440.83 Mobile/16A366 Safari/604.1"
200 obviously means everything is OK, but the 400 code represents a failed login attempt, where I can then integrate Fail2Ban jails.
I’ve looked at the docs: https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#8 and tried
option httplog as well as TCP logs.
Is anyone able to advise? Maybe I’m missing something simple.