fail2ban-regex是fail2ban提供的用来测试正则表达式的一个小工具,我们可以用它来测试正则表达式是否能够匹配到日志文件中的要禁止的IP行。
fail2ban-regex默认情况下自动匹配到日期和时间,所以在进行正则匹配的时候如果fail2ban能够匹配到日期部分,则无需在正则表达式中在匹配日期部分。
语法
fail2ban-regex 日志文件 ‘正则表达式’
示例
root@ubuntu:~# fail2ban-regex auth.log 'fail2ban-regex auth.log '[A-Za-z-_]+ sshd[d+]: Failed password for invalid user [A-Za-z0-9]+ from <HOST> port [0-9]{5} ssh2''
Running tests
=============
Use failregex line : .*: Failed password for invalid user [A-Za-z]+ fro...
Use log file : auth.log
Use encoding : UTF-8
Results(匹配结果)
=======
Failregex: 3932 total(总共匹配到3932条失败的记录)
|- #) [# of hits] regular expression
| 1) [3932] .*: Failed password for invalid user [A-Za-z]+ from <HOST> port [0-9]+ ssh2
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [28039] (?:DAY )?MON Day 24hour:Minute:Second(?:.Microseconds)?(?: Year)?
`-
Lines: 28039 lines, 0 ignored, 3932 matched, 24107 missed [processed in 1.89 sec]