Open paulsen-it opened 5 years ago
This will be an awesome addition indeed to analyze site-wise bans.
The log-file from where the failures are coming is not a part of the API at the moment (neither is it referenced in the ticket, nor am I convinced it should really be done, for several reasons).
So `grep --files-with-matches -wF $ip /log/path/mask` remains your friend yet.
Heya @sebres appreciate your response.
I understand it's not part of the API at the moment. The use case I'm looking at is to feed the fail2ban log to ELK and be able to monitor and visualize site-wise data on bans. Are you suggesting to get the banned IP addresses from the fail2ban log and then grep through the web server logs?
Purely for learning and understanding, what are your reasons that you think aren't convincing you?
Thanks!
> get the banned IP addresses from the fail2ban log

Why, if there is a fail2ban database, where this info (with many others) is available via SQL?
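The two suggestions above (take bans from the fail2ban database via SQL, then find the log files that contain each IP) combined into one script, as an added example that is not part of the thread or of fail2ban itself. It assumes the database has a `bans` table with `jail`, `ip` and `timeofban` columns; the sample database, log lines and the names `bans_by_site` and `build_sample` are constructed for illustration.

```python
import glob, os, re, sqlite3, tempfile

def banned_ips(db_path, jail):
    """(ip, timeofban) rows for one jail, opened read-only (fail2ban owns the db)."""
    con = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        return con.execute("SELECT ip, timeofban FROM bans WHERE jail = ? "
                           "ORDER BY timeofban", (jail,)).fetchall()
    finally:
        con.close()

def files_mentioning(ip, log_glob):
    """Like `grep --files-with-matches -wF $ip`: literal, whole-word match."""
    word = re.compile(r"(?<!\w)" + re.escape(ip) + r"(?!\w)")
    hits = []
    for path in sorted(glob.glob(log_glob)):
        with open(path, errors="replace") as fh:
            if any(word.search(line) for line in fh):
                hits.append(path)
    return hits

def bans_by_site(db_path, log_glob, jail):
    """One record per ban, with the log files (sites) that contain the IP."""
    return [{"jail": jail, "ip": ip, "timeofban": ts,
             "logs": files_mentioning(ip, log_glob)}
            for ip, ts in banned_ips(db_path, jail)]

def build_sample(root):
    """Constructed sample: two site logs and a minimal bans table."""
    lines = {"a": "[error] [client 44.110.20.110:4711] File does not exist\n",
             "b": "[error] [client 144.110.20.110:80] File does not exist\n"}
    for site, line in lines.items():
        os.makedirs(os.path.join(root, site, "log"))
        with open(os.path.join(root, site, "log", "error.log"), "w") as fh:
            fh.write(line)
    db = os.path.join(root, "fail2ban.sqlite3")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE bans(jail TEXT, ip TEXT, timeofban INTEGER)")
    con.execute("INSERT INTO bans VALUES ('apache', '44.110.20.110', 1554218862)")
    con.commit()
    con.close()
    return db, os.path.join(root, "*", "log", "error.log")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for rec in bans_by_site(*build_sample(root), "apache"):
            print(rec)  # one dict per ban, ready to ship to ELK as JSON
```

The whole-word match matters here: site `b` logs 144.110.20.110, which contains the banned address as a substring but is not reported.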
Environment:
The issue:
fail2ban logs bans with this message:
2019-04-02 15:27:42,318 fail2ban.actions: WARNING [apache] Ban 44.110.20.110
It is possible to add the log-file at the end of this message. So I can see in which log-file the ban happened.
2019-04-02 15:27:42,318 fail2ban.actions: WARNING [apache] Ban 44.110.20.110 /var/log/apache2/error.log
Because I work with wildcards, there are many log-files /var/log/sites/*/log/error.log and I cannot see which log-file will be found by fail2ban.