Difference between revisions of "Talk:MANUAL 0 8"

From Fail2ban
Jump to: navigation, search
(Testing not only one line but a log file)
Line 7: Line 7:
 
The best way is probably to use '''fail2ban-regex'''. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you.
 
The best way is probably to use '''fail2ban-regex'''. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you.
 
--[[User:Lostcontrol|Lostcontrol]] 14:19, 9 January 2007 (PST)
 
--[[User:Lostcontrol|Lostcontrol]] 14:19, 9 January 2007 (PST)
 +
 +
In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile:
 +
<pre>
 +
def testRegex(self, logline, regex):
 +
print
 +
try:
 +
logging.getLogger("fail2ban").setLevel(logging.DEBUG)
 +
print "fail2ban-testconfig =", logline, regex
 +
f = open(logline, "rb")
 +
self.__filter.addFailRegex(regex)
 +
for line in f:
 +
ret = self.__filter.findFailure(line)
 +
if len(ret) != 0:
 +
print "Success, the following data were found:"
 +
print "fail2ban-regex ", regex, line
 +
timeTuple = time.localtime(ret[0][1])
 +
print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
 +
ipList = ""
 +
for i in ret:
 +
ipList = ipList + " " + i[0]
 +
print "IP  :" + ipList
 +
print "After"
 +
logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
 +
</pre>
 +
But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf.
 +
--[[User:NBrouard|NBrouard]] 09:43, 10 January 2007 (PST)

Revision as of 18:43, 10 January 2007

How to test the installation? This is a missing part of the manual. How can you easily test your SSH regex on an existing /var/log/auth.log ? Many thanks for fail2ban. --NBrouard 01:58, 9 January 2007 (PST)


The best way is probably to use fail2ban-regex. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. --Lostcontrol 14:19, 9 January 2007 (PST)

In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile:

	def testRegex(self, logline, regex):
		print
		try:
			logging.getLogger("fail2ban").setLevel(logging.DEBUG)
			print "fail2ban-testconfig =", logline, regex
			f = open(logline, "rb")
			self.__filter.addFailRegex(regex)
			for line in f:
				ret = self.__filter.findFailure(line)
				if len(ret) != 0:
					print "Success, the following data were found:"
					print "fail2ban-regex ", regex, line
					timeTuple = time.localtime(ret[0][1])
					print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
					ipList = ""
					for i in ret:
						ipList = ipList + " " + i[0]
					print "IP  :" + ipList
			print "After"
			logging.getLogger("fail2ban").setLevel(logging.CRITICAL)

But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf. --NBrouard 09:43, 10 January 2007 (PST)