Difference between revisions of "Talk:MANUAL 0 8"

From Fail2ban

Revision as of 19:28, 6 May 2010

How to test the installation? This is a missing part of the manual. How can you easily test your SSH regex on an existing /var/log/auth.log? Many thanks for fail2ban. --NBrouard 01:58, 9 January 2007 (PST)


The best way is probably to use fail2ban-regex. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. --Lostcontrol 14:19, 9 January 2007 (PST)

In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile:

	# Python 2 syntax, as posted. "logline" is used here as the path of the log file to read.
	def testRegex(self, logline, regex):
		print
		logging.getLogger("fail2ban").setLevel(logging.DEBUG)
		print "fail2ban-testconfig =", logline, regex
		f = open(logline, "rb")
		try:
			self.__filter.addFailRegex(regex)
			# Test the regex against every line of the log file
			for line in f:
				ret = self.__filter.findFailure(line)
				if len(ret) != 0:
					print "Success, the following data were found:"
					print "fail2ban-regex ", regex, line
					timeTuple = time.localtime(ret[0][1])
					print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
					ipList = ""
					for i in ret:
						ipList = ipList + " " + i[0]
					print "IP  :" + ipList
			print "After"
		finally:
			# Close the file and restore the log level even if a line raises an error
			f.close()
			logging.getLogger("fail2ban").setLevel(logging.CRITICAL)

But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf. --NBrouard 09:43, 10 January 2007 (PST)


Sorry for the delay but I was quite busy last week. You're right :) It would be nice to read logfile and filter configuration. I will look at this as soon as possible. Thank you --Lostcontrol 01:38, 16 January 2007 (PST)
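
Added example, not part of the original discussion and not fail2ban's own code: testing a failregex against every line of a log file and reporting the line number of each match. The `<HOST>` expansion is a simplified stand-in, and the function names, sample lines and sample failregex are constructed for illustration.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 or hostname).
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[\w\-.]+)"


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the expression."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex has no <HOST> tag, so no address can be extracted")
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def scan_lines(lines, failregex):
    """Return (line_number, host, line) for every line the failregex matches."""
    pattern = compile_failregex(failregex)
    hits = []
    for number, line in enumerate(lines, start=1):
        text = line.rstrip("\n")
        match = pattern.search(text)
        if match:
            hits.append((number, match.group("host"), text))
    return hits


def scan_file(path, failregex):
    """Run scan_lines over a log file such as /var/log/auth.log."""
    # errors="replace": log content is partly remote-controlled and may not be valid UTF-8
    with open(path, encoding="utf-8", errors="replace") as handle:
        return scan_lines(handle, failregex)


# Constructed sample lines in sshd auth.log style (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "Jan  9 01:50:11 srv sshd[4211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Jan  9 01:50:14 srv sshd[4211]: Accepted password for alice from 198.51.100.7 port 51022 ssh2",
    "Jan  9 01:51:02 srv sshd[4230]: Failed password for invalid user admin from 203.0.113.5 port 2211 ssh2",
]
# Constructed failregex for the sample lines above.
SAMPLE_FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+"

if __name__ == "__main__":
    for number, host, text in scan_lines(SAMPLE_LOG, SAMPLE_FAILREGEX):
        print("line %d: host %s: %s" % (number, host, text))
```
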

real time vs old services startup time

Sometimes, when we change the time on a server but do not reboot, our daemons keep working and write logs in another time space. Because fail2ban started in the current (real) time, unlike the old services, which started before the time was changed to real, some fucking magic arises... When I set my findtime property in jail.local to a value that is more than the difference between the real and oldreal time, the magic was gone and f2b's work started. Yahoo, I said!) Rebooted the server and went to write this)

Be aware of it)... 3 hours of my resort & sleep I spent to solve that problem ;( But it's just a system which needs a reboot.

I think problems like that must be described in formal, properly written English in the FAQ (or problems and solutions) part of the manual.

P.S. And maybe we can add some functionality to make that "magic more real"?.. Some warnings to fail2ban.log, or something else?..

P.P.S. I left contacts for comments and live talk, if needed, on my personal page here. With best regards)

--Qfox 02:33, 17 April 2009 (UTC)


available tags?

Perhaps I didn't get the point, but I have looked around for the available tags in f2b for a while now and can't find any useful information about this. Problem: f2b is watching a couple of webserver logs and I want to get mail with exact information: in what logfile which line matched the regexp. Is this possible?