From: Mauricio T. <rau...@gm...> - 2014-03-05 16:35:47
On Wed, Mar 5, 2014 at 11:33 AM, Mauricio Tavares <rau...@gm...> wrote:
> On Wed, Mar 5, 2014 at 11:17 AM, Jamie Riden <jam...@gm...> wrote:
>> I have a log file from a week or two ago, and I'd like to know what
>> fail2ban would have done with a particular config.
>>
>> Is it possible to ask fail2ban to reprocess it as if it were live?
>>
>> Sorry, it might be a silly question. I have googled and spent an hour
>> or two playing - but got no IPs in the jail at all, whereas I should
>> have a handful at least.
>>
>> Have tested with fail2ban regex, but I'd like to know whether the
>> maxretry and findtime would have caused any false positives on the
>> historical data.
>>
>> E.g. what if I chucked it line by line into a new file, and
>> updated the system clock to the most recent line's datestamp?
>>
> I think what you want to use is fail2ban-regex
>
> Ex:
>
> fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf
>

Sorry for the double, but you can also use it to test a single rule
before adding to your filter thingie:

fail2ban-regex ./test.log "NOTICE.* .*: Call from '.*' \(<HOST>:.*\) to extension '.*' rejected because extension not found in context 'from-pstn'."

>> thanks,
>> Jamie
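
Added example, not part of the original message and not fail2ban's own code: a minimal replay of historical log lines through a maxretry/findtime sliding window that uses the log's own timestamps, so the system clock is never touched. The IPv4-only <HOST> expansion, the timestamp layout, the replay() name and the sample lines are assumptions made for illustration; bantime and fail2ban's real date detection are not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The single rule quoted in the message above, <HOST> still unexpanded.
FAILREGEX = (
    r"NOTICE.* .*: Call from '.*' \(<HOST>:.*\) to extension '.*' "
    r"rejected because extension not found in context 'from-pstn'.")
TS = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]")  # assumed timestamp layout

def replay(lines, maxretry=3, findtime=600):
    """Return [(ban_time, ip)] for chronologically ordered log lines."""
    rx = re.compile(FAILREGEX.replace("<HOST>", HOST))
    window = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = []
    for line in lines:
        ts, hit = TS.match(line), rx.search(line)
        if not (ts and hit):
            continue  # no timestamp or no failregex match: ignored
        now = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S")
        q = window[hit.group("host")]
        q.append(now)
        while now - q[0] > timedelta(seconds=findtime):
            q.popleft()  # failure aged out of the findtime window
        if len(q) >= maxretry:
            bans.append((now, hit.group("host")))
            q.clear()  # counter restarts after a ban
    return bans

def _line(ts, ip, ext):
    return (f"[{ts}] NOTICE[2211] chan_sip.c: Call from '' ({ip}:5060) to extension "
            f"'{ext}' rejected because extension not found in context 'from-pstn'.")

# Constructed sample data (documentation-range IPs), not from a real log.
SAMPLE = [
    _line("2014-02-20 03:10:01", "203.0.113.7", "9001"),
    _line("2014-02-20 03:10:05", "203.0.113.7", "9002"),
    _line("2014-02-20 03:10:09", "203.0.113.7", "9003"),   # 3 hits in 8 s
    _line("2014-02-20 09:00:00", "198.51.100.4", "100"),
    _line("2014-02-20 11:30:00", "198.51.100.4", "100"),
    _line("2014-02-20 15:45:00", "198.51.100.4", "100"),   # 3 hits over ~7 h
]

if __name__ == "__main__":
    for when, ip in replay(SAMPLE, maxretry=3, findtime=600):
        print(when.isoformat(), "would ban", ip)
```

Re-running replay() with a larger findtime (for example 86400) shows which slow, possibly legitimate sources would start to be banned by that setting.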