Re: [Fail2ban-users] probably a silly question - is it possible to see what fail2ban would have done with an old log file?

[Mauricio T. <rau...@gm...>]

On Wed, Mar 5, 2014 at 11:33 AM, Mauricio Tavares <rau...@gm...> wrote:
> On Wed, Mar 5, 2014 at 11:17 AM, Jamie Riden <jam...@gm...> wrote:
>> I have a log file from a week or two ago, and I'd like to know what
>> fail2ban would have done with a particular config.
>>
>> Is it possible to ask fail2ban to reprocess it as if it were live?
>>
>> Sorry, it might be a silly question. I have googled and spent an hour
>> or two playing - but got no IPs in the jail at all, where as I should
>> have a handful at least.
>>
>> Have tested with fail2ban regex, but I'd like to know whether the
>> maxtretry and findtime would have caused any false positives on the
>> historical data.
>>
>> E.g. what if I did chucked it line by line into a new file, and
>> updated the system clock to the most recent line's datestamp?
>>
>       I think what you want to use is fail2ban-regex
>
> Ex:
>
> fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf
>
      Sorry for the double, but you can also use it to test a single
rule before adding to your filter thingie:

fail2ban-regex ./test.log     "NOTICE.* .*: Call from '.*'
\(<HOST>:.*\) to extension '.*' rejected because extension not found
in context 'from-pstn'."



>> thanks,
>>  Jamie
>>
>> ------------------------------------------------------------------------------
>> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
>> With Perforce, you get hassle-free workflows. Merge that actually works.
>> Faster operations. Version large binaries.  Built-in WAN optimization and the
>> freedom to use Git, Perforce or both. Make the move to Perforce.
>> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Fail2ban-users mailing list
>> Fai...@li...
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users