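#!/bin/sh
# Parse multiple fail2ban log files to list every IP that should be banned.
# The log files come from many different hosts and are merged into one big
# block list.
#
# Log content is written by remote hosts, so every field read from it is
# treated as untrusted: addresses are never spliced into a sed/regex program,
# and anything that is not made only of address characters is dropped.
#
# NOTE(review): the list still lives at a predictable path in a
# world-writable directory; a root-owned directory would be a safer home if
# its consumers can be changed.
# NOTE(review): files are processed in the order find returns them, which is
# not chronological; a Ban and its Unban in different files can be replayed
# out of order.

set -u

# The block list to create
blk_list='/tmp/blk_list'
log_path='/var/log/clients/fail2ban'

#######################################
# Rebuild a block list from the fail2ban logs found under a directory.
# Arguments: $1 - directory holding the log files (*.gz files are skipped)
#            $2 - path of the block list to (re)create
# Outputs:   writes one address per line to $2
# Returns:   0 on success, 1 if the list could not be written
#######################################
build_blk_list() {
  _src_dir=$1
  _out_file=$2

  # Build the list in a private file and rename it into place: mktemp never
  # follows a pre-planted symlink, and readers never see a half-built list.
  _tmp_file=$(mktemp "${_out_file}.XXXXXX") || return 1

  # Stage 1 (stateless, may run in several batches): keep only Ban/Unban
  # lines whose last field contains nothing but IPv4/IPv6 characters. This is
  # a character filter, not full address validation.
  # Stage 2 (single process): replay the events in order. An Unban cancels
  # every earlier Ban of exactly that address; a later Ban re-adds it.
  if find "${_src_dir}" ! -iname '*.gz' -type f -exec awk '
         ($8 == "Ban" || $8 == "Unban") && $NF ~ /^[0-9A-Fa-f:.]+$/ {
           print $8, $NF
         }' {} + |
       awk '
         $1 == "Ban"   { addr[++n] = $2; gen_at[n] = gen[$2] + 0; next }
         $1 == "Unban" { gen[$2]++; next }
         END {
           for (i = 1; i <= n; i++)
             if (gen_at[i] == gen[addr[i]] + 0)
               print addr[i]
         }' > "${_tmp_file}"
  then
    # mktemp creates the file 0600; keep the list readable by its consumers.
    chmod 0644 "${_tmp_file}" &&
      mv -f -- "${_tmp_file}" "${_out_file}" &&
      return 0
  fi

  rm -f -- "${_tmp_file}"
  return 1
}

build_blk_list "${log_path}" "${blk_list}" || exit 1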