From: Yaroslav H. <li...@on...> - 2006-03-24 04:08:50
|
Hi All, Here is a brand new version... This one should fit everyone in terms of functionality I hope I fixed a bug and added a bit more information to the report. Also previous version was monitoring "INFO:" (verbose>0) level not "WARN:"(no verbose) HEre is a sample output (detail level 6 I believe) --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: SSH: 210.103.124.7 1 ban(s) 1 unban(s): 5 failures 210.14.28.59 1 ban(s) 1 unban(s): 5 failures ---------------------- fail2ban-messages End ------------------------- and here is for this month on my desktop with default detail level (which is 5 I believe)... The list of Unmatched entries is quite long but I think it should be this way -- I cut it after few lines to don't abuse mailin list ;-) ################### LogWatch 7.1 (11/12/05) #################### Processing Initiated: Thu Mar 23 23:05:29 2006 Date Range Processed: between 03/01/2006 and today ( 2006-Mar-01 / 2006-Mar-23 ) Period is day. Detail Level of Output: 5 Type of Output: unformatted Logfiles for Host: washoe ################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: ApacheAttacks: 61.220.191.21 (61-220-191-21.HINET-IP.hinet.net) 2 ban(s) 2 unban(s) 66.34.225.186 2 ban(s) 2 unban(s) SSH: 68.85.110.185 (c-68-85-110-185.hsd1.de.comcast.net) 1 ban(s) 1 unban(s) 59.120.70.210 (59-120-70-210.HINET-IP.hinet.net) 1 ban(s) 1 unban(s) 66.34.52.10 1 ban(s) 1 unban(s) 217.11.107.130 (fw-2.saimanet.net) 1 ban(s) 1 unban(s) 202.63.117.71 (yantra.uceou.edu) 2 ban(s) 2 unban(s) 201.224.172.195 2 ban(s) 2 unban(s) 139.142.43.29 (raq.yourlink.ca) 2 ban(s) 2 unban(s) 210.22.12.56 (sunym.gdsz.cncnet.net) 2 ban(s) 2 unban(s) 203.86.41.223 2 ban(s) 2 unban(s) 125.240.172.5 2 ban(s) 2 unban(s) 165.230.95.67 (washoe.rutgers.edu) 2 ban(s) 2 unban(s) 60.248.185.43 (60-248-185-43.HINET-IP.hinet.net) 2 ban(s) 2 unban(s) 218.146.254.184 6 ban(s) 6 unban(s) 83.14.0.230 (dwa230.internetdsl.tpnet.pl) 2 ban(s) 2 unban(s) **Unmatched Entries** 2006-03-03 14:54:25,215 ERROR: SSH: 83.14.0.230 already in ban list 2006-03-04 04:43:10,360 ERROR: SSH: 218.146.254.184 already in ban list 2006-03-05 07:46:04,013 WARNING: is not a valid IP address 2006-03-06 14:53:55,477 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-Apache 2006-03-06 14:53:55,524 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacks ........ -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |