
Pgr.sikkin


Pierre-Gilles RAYNAUD

Monitoring the fail2ban log < System

Following on from the article on fail2ban and iptables, this article looks at the fail2ban logfile and ways to analyse it using simple command-line tools such as awk and grep.


Format of the Logfile

At the simplest logging level, entries will appear in /var/log/fail2ban.log as follows (fail2ban version 0.8.3):

    ...
    2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban XXX.66.82.116
    2006-02-13 15:59:29,295 fail2ban.actions: WARNING [sendmail] Ban XXX.27.118.100
    2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban XXX.66.82.116
    2006-02-13 16:14:29,530 fail2ban.actions: WARNING [sendmail] Unban XXX.27.118.100
    2006-02-13 16:56:27,086 fail2ban.actions: WARNING [ssh] Ban XXX.136.60.164
    2006-02-13 17:11:27,833 fail2ban.actions: WARNING [ssh] Unban XXX.136.60.164

All of the following commands can be run at the command-line or via a script.

Grouping by IP address:

    awk '$(NF-1) == "Ban" {print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n
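An added example, not taken from the original article: the same end-of-line field matching, extended to count bans per jail and address and to list addresses whose last logged action is still a Ban. The function names and the sample log lines are constructed for illustration, assuming the 0.8.x line layout shown above.

```shell
#!/bin/sh
# Constructed sample in the 0.8.x layout shown above; the addresses are
# documentation-range placeholders, not real offenders.
sample_log() {
cat <<'EOF'
2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban 192.0.2.116
2006-02-13 15:59:29,295 fail2ban.actions: WARNING [sendmail] Ban 198.51.100.100
2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban 192.0.2.116
2006-02-13 16:14:29,530 fail2ban.actions: WARNING [sendmail] Unban 198.51.100.100
2006-02-13 16:56:27,086 fail2ban.actions: WARNING [ssh] Ban 203.0.113.164
2006-02-13 17:11:27,833 fail2ban.actions: WARNING [ssh] Unban 203.0.113.164
2006-02-13 17:40:02,411 fail2ban.actions: WARNING [ssh] Ban 203.0.113.164
2006-02-13 17:41:10,004 fail2ban.actions: WARNING [sendmail] Ban 192.0.2.116
2006-02-13 17:48:10,120 fail2ban.actions: WARNING [sendmail] Unban 192.0.2.116
EOF
}

# Print "count [jail] ip" for every Ban line, busiest offenders last.
# Fields are counted from the end of the line: $(NF-2) is the jail,
# $(NF-1) the action and $NF the address.
bans_by_jail_ip() {
    awk '$(NF-1) == "Ban" { n[$(NF-2) " " $NF]++ }
         END { for (k in n) print n[k], k }' "$@" | sort -n
}

# Print "[jail] ip" pairs whose latest action in this input is Ban, i.e.
# no Unban has been logged since. Pass rotated logs oldest-first.
still_banned() {
    awk '$(NF-1) == "Ban"   { active[$(NF-2) " " $NF] = 1 }
         $(NF-1) == "Unban" { delete active[$(NF-2) " " $NF] }
         END { for (k in active) print k }' "$@" | sort
}

echo "Bans per jail and address:"
sample_log | bans_by_jail_ip
echo "Still banned at end of log:"
sample_log | still_banned
```

Both functions read standard input when called without arguments, or take log files as arguments, for example `bans_by_jail_ip /var/log/fail2ban.log`.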
