fail2ban-regex - test Fail2ban "failregex" option

NAME  SYNOPSIS  DESCRIPTION  LOG:  REGEX:  IGNOREREGEX:  OPTIONS  AUTHOR  REPORTING BUGS  COPYRIGHT  SEE ALSO 

NAME

fail2ban-regex − test Fail2ban "failregex" option

SYNOPSIS

fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]

DESCRIPTION

Fail2Ban reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules.

This tools can test regular expressions for "fail2ban".

LOG:

string

a string representing a log line

filename

path to a log file (/var/log/auth.log)

systemd−journal

search systemd journal (systemd−python required), optionally with backend parameters, see ‘man jail.conf‘ for usage and examples (systemd−journal[journalflags=1]).

REGEX:

string

a string representing a ’failregex’

filter

name of filter, optionally with options (sshd[mode=aggressive])

filename

path to a filter file (filter.d/sshd.conf)

IGNOREREGEX:

string

a string representing an ’ignoreregex’

filename

path to a filter file (filter.d/sshd.conf)

OPTIONS

−−version

show program’s version number and exit

−h, −−help

show this help message and exit

−c CONFIG, −−config=CONFIG

set alternate config directory

−d DATEPATTERN, −−datepattern=DATEPATTERN

set custom pattern used to match date/times

−−timezone=TIMEZONE, −−TZ=TIMEZONE

set time−zone used by convert time format

−e ENCODING, −−encoding=ENCODING

File encoding. Default: system locale

−r, −−raw

Raw hosts, don’t resolve dns

−−usedns=USEDNS

DNS specified replacement of tags <HOST> in regexp (’yes’ − matches all form of hosts, ’no’ − IP addresses only)

−L MAXLINES, −−maxlines=MAXLINES

maxlines for multi−line regex.

−m JOURNALMATCH, −−journalmatch=JOURNALMATCH

journalctl style matches overriding filter file. "systemd−journal" only

−l LOG_LEVEL, −−log−level=LOG_LEVEL

Log level for the Fail2Ban logger to use

−V

get version in machine−readable short format

−v, −−verbose

Increase verbosity

−−verbosity=VERBOSE

Set numerical level of verbosity (0..4)

−−verbose−date, −−VD

Verbose date patterns/regex in output

−D, −−debuggex

Produce debuggex.com urls for debugging there

−−no−check−all

Disable check for all regex’s

−o OUT, −−out=OUT

Set token to print failure information only (row, id, ip, msg, host, ip4, ip6, dns, matches, ...)

−−print−no−missed

Do not print any missed lines

−−print−no−ignored

Do not print any ignored lines

−−print−all−matched

Print all matched lines

−−print−all−missed

Print all missed lines, no matter how many

−−print−all−ignored

Print all ignored lines, no matter how many

−t, −−log−traceback

Enrich log−messages with compressed tracebacks

−−full−traceback

Either to make the tracebacks full, not compressed (as by default)

AUTHOR

Written by Cyril Jaquier <[email protected]>. Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).

REPORTING BUGS

Report bugs to https://github.com/fail2ban/fail2ban/issues

COPYRIGHT

Copyright © 2004−2008 Cyril Jaquier, 2008− Fail2Ban Contributors
Copyright of modifications held by their respective authors. Licensed under the GNU General Public License v2 (GPL).

SEE ALSO

fail2ban-client(1) fail2ban-server(1) jail.conf(5)

Updated 2024-01-29 - jenkler.se | uex.se