Talk:MANUAL 0 8


How to test the installation? This is a missing part of the manual. How can you easily test your SSH regex on an existing /var/log/auth.log? Many thanks for fail2ban. --NBrouard 01:58, 9 January 2007 (PST)


The best way is probably to use fail2ban-regex. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. --Lostcontrol 14:19, 9 January 2007 (PST)

In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile:

	# Method of the fail2ban-regex class; needs "import logging, time" at module level.
	# 'logline' now holds the path of a log file instead of a single log line.
	def testRegex(self, logline, regex):
		print
		logging.getLogger("fail2ban").setLevel(logging.DEBUG)
		print "fail2ban-testconfig =", logline, regex
		f = open(logline, "rb")
		try:
			self.__filter.addFailRegex(regex)
			# Run the regex against every line of the log file
			for line in f:
				ret = self.__filter.findFailure(line)
				if len(ret) != 0:
					print "Success, the following data were found:"
					print "fail2ban-regex ", regex, line
					timeTuple = time.localtime(ret[0][1])
					print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
					ipList = ""
					for i in ret:
						ipList = ipList + " " + i[0]
					print "IP  :" + ipList
			print "After"
		finally:
			# Always close the file and restore the quiet log level
			f.close()
			logging.getLogger("fail2ban").setLevel(logging.CRITICAL)

But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf. --NBrouard 09:43, 10 January 2007 (PST)


Sorry for the delay but I was quite busy last week. You're right :) It would be nice to read logfile and filter configuration. I will look at this as soon as possible. Thank you --Lostcontrol 01:38, 16 January 2007 (PST)

real time vs old services startup time

Sometimes, when we change the time on a server but do not reboot, our daemons keep working and logging in another time space. Because fail2ban started in the current time, unlike the old services, which started before the time was changed to the real one, some fucking magic arises... When I set my findtime property in jail.local to a value greater than the difference between the real and the old "real" time, the magic was gone and things started to work. Yahoo! :) Be aware of it... I spent 3 hours of my rest & sleep solving that problem ;( The system just needs a reboot. That's all.

P.S. Maybe we could add some functionality to make that "magic more real"? Some warnings in fail2ban.log, or something else?
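Added example, not part of the original discussion and not fail2ban's own code: a stand-alone Python 3 sketch that runs a failregex over a whole log, as asked for in the first thread, and separates matches whose timestamps are older than findtime, which is the effect described in the second thread. The `<HOST>` expansion, the failregex, the sample log lines and the name `scan_log` are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Simplified stand-in for the <HOST> tag (assumption: IPv4 only, not fail2ban's pattern).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Illustrative failregex for sshd password failures (constructed).
FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST>"

# Constructed auth.log lines; the first three were written with a clock about 3 h behind.
SAMPLE_LOG = """\
Jan  9 01:50:12 srv sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan  9 01:50:15 srv sshd[2211]: Failed password for invalid user bob from 192.0.2.10 port 4023 ssh2
Jan  9 01:51:02 srv sshd[2300]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Jan  9 04:55:40 srv sshd[2410]: Failed password for root from 203.0.113.5 port 6000 ssh2
"""

def scan_log(lines, failregex, now, findtime, year=2007):
    """Return (in_window, stale): matching (timestamp, host) pairs, split by findtime."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    in_window, stale = [], []
    for line in lines:
        match = pattern.search(line)
        if not match:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        # A match older than now - findtime would not count toward a ban.
        recent = now - stamp <= timedelta(seconds=findtime)
        (in_window if recent else stale).append((stamp, match.group("host")))
    return in_window, stale

if __name__ == "__main__":
    now = datetime(2007, 1, 9, 5, 0, 0)  # constructed "current" time
    for findtime in (600, 4 * 3600):
        hits, old = scan_log(SAMPLE_LOG.splitlines(), FAILREGEX, now, findtime)
        print(f"findtime={findtime}: {len(hits)} counted, {len(old)} too old")
        for stamp, host in old:
            print(f"  WARNING: {host} matched but is {now - stamp} behind the clock")
```

A run where every match lands in the stale list is a strong hint that the logging daemon and the monitor disagree about the time, which is the kind of warning the postscript asks for.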