fail2ban-regex - Man Page

test Fail2ban "failregex" option

Synopsis

fail2ban-regex [Options] <Log> <Regex> [Ignoreregex]

Description

Fail2Ban reads log files that contain password failure reports and bans the corresponding IP addresses using firewall rules.

This tool can test regular expressions for "fail2ban".

Log

string

a string representing a log line

filename

path to a log file (/var/log/auth.log)

systemd-journal

search systemd journal (systemd-python required), optionally with backend parameters, see `man jail.conf` for usage and examples (systemd-journal[journalflags=1]).

Regex

string

a string representing a 'failregex'

filter

name of filter, optionally with options (sshd[mode=aggressive])

filename

path to a filter file (filter.d/sshd.conf)

Ignoreregex

string

a string representing an 'ignoreregex'

filename

path to a filter file (filter.d/sshd.conf)
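
A simplified model of how the Log, Regex and Ignoreregex arguments interact, as an added example that is not fail2ban's own code. The <HOST> expansion (IPv4 only), the sample lines and the names classify, FAILREGEX and IGNOREREGEX are assumptions made for illustration.

```python
import re

# Simplified stand-in for the <HOST> tag: IPv4 only. This is an assumption of
# the sketch; fail2ban's own expansion also covers IPv6 and, depending on
# usedns, host names.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# Constructed sample log lines (timestamps left out; date handling is not modelled).
SAMPLE_LINES = [
    "sshd[1201]: Failed password for root from 192.0.2.10 port 52144 ssh2",
    "sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "sshd[1203]: Failed password for backup from 203.0.113.5 port 50510 ssh2",
    "sshd[1204]: Accepted publickey for deploy from 192.0.2.44 port 51000 ssh2",
]

# Hypothetical patterns, written the way a filter file would carry them.
FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+"
IGNOREREGEX = r"Failed password for backup from <HOST>"


def classify(lines, failregex, ignoreregex=None):
    """Sort lines into matched / ignored / missed; ignoreregex takes precedence."""
    if "<HOST>" not in failregex:
        raise ValueError("this sketch needs a <HOST> tag to extract the address")
    fail = re.compile(failregex.replace("<HOST>", HOST))
    ignore = re.compile(ignoreregex.replace("<HOST>", HOST)) if ignoreregex else None
    result = {"matched": [], "ignored": [], "missed": []}
    for line in lines:
        # A line hit by ignoreregex is dropped before failregex is consulted.
        if ignore and ignore.search(line):
            result["ignored"].append(line)
            continue
        hit = fail.search(line)
        if hit:
            result["matched"].append((hit.group("host"), line))
        else:
            result["missed"].append(line)
    return result


if __name__ == "__main__":
    report = classify(SAMPLE_LINES, FAILREGEX, IGNOREREGEX)
    for kind in ("matched", "ignored", "missed"):
        print(f"{kind}: {len(report[kind])}")
    for host, _ in report["matched"]:
        print("  ban candidate:", host)
```

The "missed" bucket is the one to review when tuning a filter: it holds lines that neither pattern recognised, which is where an overly narrow failregex shows up.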

Options

--version

show program's version number and exit

-h, --help

show this help message and exit

-c CONFIG, --config=CONFIG

set alternate config directory

-d DATEPATTERN, --datepattern=DATEPATTERN

set custom pattern used to match date/times

--timezone=TIMEZONE, --TZ=TIMEZONE

set the time zone used when converting time formats

-e ENCODING, --encoding=ENCODING

File encoding. Default: system locale

-r, --raw

Raw hosts, don't resolve DNS

--usedns=USEDNS

DNS-specified replacement of <HOST> tags in regexp ('yes' - matches all forms of hosts, 'no' - IP addresses only)

-L MAXLINES, --maxlines=MAXLINES

maxlines for multi-line regex.

-m JOURNALMATCH, --journalmatch=JOURNALMATCH

journalctl style matches overriding filter file. "systemd-journal" only

-l LOG_LEVEL, --log-level=LOG_LEVEL

Log level for the Fail2Ban logger to use

-V

get version in machine-readable short format

-v, --verbose

Increase verbosity

--verbosity=VERBOSE

Set numerical level of verbosity (0..4)

--verbose-date, --VD

Verbose date patterns/regex in output

-D, --debuggex

Produce debuggex.com URLs for debugging there

--no-check-all

Disable check for all regexes

-o OUT, --out=OUT

Set token to print failure information only (row, id, ip, msg, host, ip4, ip6, dns, matches, ...)

--print-no-missed

Do not print any missed lines

--print-no-ignored

Do not print any ignored lines

--print-all-matched

Print all matched lines

--print-all-missed

Print all missed lines, no matter how many

--print-all-ignored

Print all ignored lines, no matter how many

-t, --log-traceback

Enrich log messages with compressed tracebacks

--full-traceback

Make the tracebacks full instead of compressed (compressed is the default)

Author

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).

Reporting Bugs

Report bugs to https://github.com/fail2ban/fail2ban/issues

See Also

fail2ban-client(1) fail2ban-server(1) jail.conf(5)

April 2024 fail2ban-regex 1.1.0