fail2ban-regex - test Fail2ban "failregex" option
fail2ban-regex [OPTIONS] <LOG>
<REGEX> [IGNOREREGEX]
Fail2Ban reads log file that contains password failure report and
bans the corresponding IP addresses using firewall rules.
This tools can test regular expressions for
"fail2ban".
- string
- a string representing a log line
- filename
- path to a log file (/var/log/auth.log)
- "systemd-journal"
- search systemd journal (systemd-python required)
- string
- a string representing a 'failregex'
- filename
- path to a filter file (filter.d/sshd.conf)
- string
- a string representing an 'ignoreregex'
- filename
- path to a filter file (filter.d/sshd.conf)
- --version
- show program's version number and exit
- -h, --help
- show this help message and exit
- -c CONFIG,
--config=CONFIG
- set alternate config directory
- -d DATEPATTERN,
--datepattern=DATEPATTERN
- set custom pattern used to match date/times
- --timezone=TIMEZONE,
--TZ=TIMEZONE
- set time-zone used by convert time format
- -e ENCODING,
--encoding=ENCODING
- File encoding. Default: system locale
- -r, --raw
- Raw hosts, don't resolve dns
- --usedns=USEDNS
- DNS specified replacement of tags <HOST> in regexp ('yes' - matches
all form of hosts, 'no' - IP addresses only)
- -L MAXLINES,
--maxlines=MAXLINES
- maxlines for multi-line regex.
- -m JOURNALMATCH,
--journalmatch=JOURNALMATCH
- journalctl style matches overriding filter file.
"systemd-journal" only
- -l LOG_LEVEL,
--log-level=LOG_LEVEL
- Log level for the Fail2Ban logger to use
- -v, --verbose
- Increase verbosity
- --verbosity=VERBOSE
- Set numerical level of verbosity (0..4)
- --verbose-date,
--VD
- Verbose date patterns/regex in output
- -D,
--debuggex
- Produce debuggex.com urls for debugging there
- --print-no-missed
- Do not print any missed lines
- --print-no-ignored
- Do not print any ignored lines
- --print-all-matched
- Print all matched lines
- --print-all-missed
- Print all missed lines, no matter how many
- --print-all-ignored
- Print all ignored lines, no matter how many
- -t,
--log-traceback
- Enrich log-messages with compressed tracebacks
- --full-traceback
- Either to make the tracebacks full, not compressed (as by default)
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many
contributions by Yaroslav O. Halchenko and Steven Hiscocks.
Report bugs to https://github.com/fail2ban/fail2ban/issues
Copyright © 2004-2008 Cyril Jaquier, 2008- Fail2Ban
Contributors
Copyright of modifications held by their respective authors. Licensed under
the GNU General Public License v2 (GPL).