Small script to parse fail2ban's log files and extract the IP banned in
all log.
parent
d0e710ba1e
commit
00e9c3e781
|
@ -0,0 +1,43 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Parse multiple fail2ban log files to list all the IP that should be banned.
|
||||||
|
# The log files comes from many different host and we want a big block list.
|
||||||
|
|
||||||
|
# The block list to create
|
||||||
|
blk_list='/tmp/blk_list'
|
||||||
|
|
||||||
|
log_path='/var/log/clients/fail2ban'
|
||||||
|
|
||||||
|
rm -f "${blk_list}" && touch "${blk_list}"
|
||||||
|
|
||||||
|
# Log files to analyze
|
||||||
|
for log_file in $(find ${log_path} ! -iname "*.gz" -type f); do
|
||||||
|
|
||||||
|
#printf 'Analyze %s file\n' "${log_file}"
|
||||||
|
|
||||||
|
# Analyze the lines of this log file
|
||||||
|
while read -r line; do
|
||||||
|
|
||||||
|
#printf 'l: %s\n' "${line}"
|
||||||
|
# SAME
|
||||||
|
#awk '{print $"$line"}'
|
||||||
|
|
||||||
|
action=$(echo $line | awk '{ print $8 }')
|
||||||
|
ip=$(echo $line | awk '{ print $NF }')
|
||||||
|
|
||||||
|
case $action in
|
||||||
|
"Ban" )
|
||||||
|
printf '%s\n' "${ip}" >> "${blk_list}"
|
||||||
|
;;
|
||||||
|
"Unban" )
|
||||||
|
#printf 'Unban %s\n' "${ip}"
|
||||||
|
sed -i '/'"${ip}"'/d' "${blk_list}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
done < "${log_file}"
|
||||||
|
|
||||||
|
#printf 'Last action: %s\n' $action
|
||||||
|
#printf 'Last IP: %s\n' $ip
|
||||||
|
|
||||||
|
done # End for log_file
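Review bot: The `Unban` arm builds a sed address from the last log field (`sed -i '/'"${ip}"'/d' "${blk_list}"`), so the value is read both as an unanchored regular expression and as sed script text. An unban of `1.2.3.4` therefore also drops `11.2.3.40` or `1.2.3.45` from the list, and because these logs are collected from other hosts, a field containing `/` would alter the sed program itself. A fixed-string, whole-line filter avoids both problems: `grep -vxF -- "${ip}" "${blk_list}" > "${blk_list}.new"; mv "${blk_list}.new" "${blk_list}"`. Separately, `blk_list='/tmp/blk_list'` followed by `rm -f … && touch …` uses a predictable name in a world-writable directory; if the script runs privileged, `mktemp` or a directory only this job can write to would be safer.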
|