Difference between revisions of "Talk:MANUAL 0 8"
From Fail2ban
Jump to navigationJump to searchLostcontrol (talk | contribs) |
(Testing not only one line but a log file) |
||
| Line 7: | Line 7: | ||
The best way is probably to use '''fail2ban-regex'''. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. | The best way is probably to use '''fail2ban-regex'''. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. | ||
--[[User:Lostcontrol|Lostcontrol]] 14:19, 9 January 2007 (PST) | --[[User:Lostcontrol|Lostcontrol]] 14:19, 9 January 2007 (PST) | ||
| + | |||
| + | In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile: | ||
| + | <pre> | ||
| + | def testRegex(self, logline, regex): | ||
| + | print | ||
| + | try: | ||
| + | logging.getLogger("fail2ban").setLevel(logging.DEBUG) | ||
| + | print "fail2ban-testconfig =", logline, regex | ||
| + | f = open(logline, "rb") | ||
| + | self.__filter.addFailRegex(regex) | ||
| + | for line in f: | ||
| + | ret = self.__filter.findFailure(line) | ||
| + | if len(ret) != 0: | ||
| + | print "Success, the following data were found:" | ||
| + | print "fail2ban-regex ", regex, line | ||
| + | timeTuple = time.localtime(ret[0][1]) | ||
| + | print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple) | ||
| + | ipList = "" | ||
| + | for i in ret: | ||
| + | ipList = ipList + " " + i[0] | ||
| + | print "IP :" + ipList | ||
| + | print "After" | ||
| + | logging.getLogger("fail2ban").setLevel(logging.CRITICAL) | ||
| + | </pre> | ||
| + | But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf. | ||
| + | --[[User:NBrouard|NBrouard]] 09:43, 10 January 2007 (PST) | ||
Revision as of 19:43, 10 January 2007
How to test the installation? This is a missing part of the manual. How can you easily test your SSH regex on an existing /var/log/auth.log ? Many thanks for fail2ban. --NBrouard 01:58, 9 January 2007 (PST)
The best way is probably to use fail2ban-regex. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. --Lostcontrol 14:19, 9 January 2007 (PST)
In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile:
def testRegex(self, logline, regex):
print
try:
logging.getLogger("fail2ban").setLevel(logging.DEBUG)
print "fail2ban-testconfig =", logline, regex
f = open(logline, "rb")
self.__filter.addFailRegex(regex)
for line in f:
ret = self.__filter.findFailure(line)
if len(ret) != 0:
print "Success, the following data were found:"
print "fail2ban-regex ", regex, line
timeTuple = time.localtime(ret[0][1])
print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
ipList = ""
for i in ret:
ipList = ipList + " " + i[0]
print "IP :" + ipList
print "After"
logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf. --NBrouard 09:43, 10 January 2007 (PST)
