Beitragsdatum | 20.02.2019 |
---|---|
Letzte Aktualisierung | - |
Betrifft | logwatch, fail2ban, Linux/Ubuntu, diverse Versionen |
/etc/logwatch/conf/logfiles/fail2ban.conf
# /etc/logwatch/conf/logfiles/fail2ban.conf # The LogFile path is relative to /var/log by default. # You can change the default by setting LogDir. LogFile = fail2ban.log # This enables searching through zipped archives as well. Archive = fail2ban.log.*.gz # Expand the repeats (actually just removes them now). *ExpandRepeats
/etc/logwatch/conf/services/fail2ban.conf
# /etc/logwatch//services/fail2ban.conf # title shown in the report Title = fail2ban-messages # logfile group LogFile = fail2ban
/etc/logwatch/scripts/services/fail2ban
#!/usr/bin/env bash # /etc/logwatch/scripts/services/fail2ban # Change the line separator to split by new lines. OLD_IFS=$IFS IFS=$'\n' # set vars to 0 BANS=0 UNBANS=0 # The contents of the log file are given in stdin. for LINE in $( cat /dev/stdin ); do # Only lines matching this regexp will be included. if echo $LINE|egrep 'NOTICE' &> /dev/null; then # Every line we echo here will be included in the logwatch report. echo $LINE fi if echo $LINE|egrep 'NOTICE.*Ban' &> /dev/null; then BAN=$[$BAN + 1] fi if echo $LINE|egrep 'NOTICE.*Unban' &> /dev/null; then UNBAN=$[$UNBAN + 1] fi done echo "$BAN Bans, $UNBAN Unbans"
logwatch --detail high --service fail2ban # Ausgabe: IP-Adressen wurden anonymisiert, Ausgabe gekürzt ################### Logwatch 7.4.0 (05/29/13) #################### Processing Initiated: Wed Feb 20 08:54:32 2019 Date Range Processed: yesterday ( 2019-Feb-19 ) Period is day. Detail Level of Output: 10 Type of Output/Format: stdout / text Logfiles for Host: host.host.tld ################################################################## --------------------- fail2ban-messages Begin (detail=1) ------------------------ 2019-02-19 00:03:59,539 fail2ban.actions [5355]: NOTICE [plesk-saslauth] Unban 190.220.147.x 2019-02-19 00:44:26,540 fail2ban.actions [5355]: NOTICE [plesk-postfix] Ban 190.220.147.x [...] 2019-02-19 23:37:27,514 fail2ban.actions [5355]: NOTICE [plesk-saslauth] Unban 119.28.66.x 20 Bans, 24 Unbans
Quellen:
Ähnliche Themen im blog:
logwatch, fail2ban