Checking Fail2ban regex

I’ve just stumbled across a great command in Fail2ban to check whether or not your filter will actually score a hit from your log file.
From the command line.
[code lang=bash]
$ fail2ban-regex /path/to/logfile /etc/fail2ban/filter.d/myfilter.conf regex_to_ignore
[/code]
As an example.
[code lang=bash]
$ fail2ban-regex /var/log/secure.log /etc/fail2ban/filter.d/sshd.conf (myusername|myIPaddress)
[/code]
This seems like a great way to test whether changes to your filters are correct, rather than just waiting to see if anything shows up in fail2ban.log.

1 thought on “Checking Fail2ban regex

  1. Worth noting that the ignore-regex is not picked up from the filter.conf file when one is used. It needs to be quoted separately in the command line as the optional 4th parameter.

Comments are closed.