Checking Fail2ban regex

I’ve just stumbled across a great command in Fail2ban that checks whether your filter will actually score a hit against your log file.
Run it from the command line:

$ fail2ban-regex /path/to/logfile /etc/fail2ban/filter.d/myfilter.conf regex_to_ignore

For example (the ignore regex is quoted so the shell does not interpret the parentheses and pipe):

$ fail2ban-regex /var/log/secure.log /etc/fail2ban/filter.d/sshd.conf '(myusername|myIPaddress)'

This seems like a great way to test whether changes to your filters are correct, rather than just waiting to see if anything shows up in fail2ban.log.
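To see what the third argument changes in the result, here is a simplified model of the check in Python. It is an added example, not code from this post or from Fail2ban: the function `check_filter`, the IPv4-only `<HOST>` stand-in, the failregex and the log lines are all constructed for illustration.

```python
import re

# Simplified stand-in for Fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also covers IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def check_filter(lines, failregex, ignoreregex=None):
    """Classify each line as a hit, ignored or missed, like the tool's summary."""
    fail = re.compile(failregex.replace("<HOST>", HOST))
    ignore = re.compile(ignoreregex) if ignoreregex else None
    hits, ignored, missed = [], [], []
    for line in lines:
        # A line matching the ignore regex never counts as a hit.
        if ignore and ignore.search(line):
            ignored.append(line)
            continue
        m = fail.search(line)
        if m:
            hits.append(m.group("host"))
        else:
            missed.append(line)
    return hits, ignored, missed

# Constructed sample lines in the style of an sshd auth log.
SAMPLE_LOG = [
    "Jan 10 03:14:07 srv sshd[811]: Failed password for root from 203.0.113.5 port 4022 ssh2",
    "Jan 10 03:14:09 srv sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4023 ssh2",
    "Jan 10 03:15:30 srv sshd[902]: Failed password for myusername from 198.51.100.7 port 5011 ssh2",
    "Jan 10 03:16:00 srv sshd[915]: Accepted publickey for myusername from 198.51.100.7 port 5012 ssh2",
]

# Constructed failregex for this example, not the one shipped in sshd.conf.
FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+"
IGNOREREGEX = r"(myusername|198\.51\.100\.7)"

if __name__ == "__main__":
    for label, ign in (("without ignore regex", None), ("with ignore regex", IGNOREREGEX)):
        hits, ignored, missed = check_filter(SAMPLE_LOG, FAILREGEX, ign)
        print(f"{label}: {len(hits)} hit(s) {hits}, {len(ignored)} ignored, {len(missed)} missed")
```

Without the ignore regex, your own mistyped password shows up as a hit alongside the real failures; with it, that line moves to the ignored count and only the other address remains.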


1 Comment

  1. Worth noting that the ignore-regex is not picked up from the filter.conf file when one is used. It needs to be quoted separately in the command line as the optional 4th parameter.

