Dr Fragen in the operating room

Checking Fail2ban regex


I’ve just stumbled across a great command in Fail2ban to check whether or not your filter will actually score a hit from your log file.
From the command line.
[code lang=bash]
$ fail2ban-regex /path/to/logfile /etc/fail2ban/filter.d/myfilter.conf regex_to_ignore
As an example.
[code lang=bash]
$ fail2ban-regex /var/log/secure.log /etc/fail2ban/filter.d/sshd.conf (myusername|myIPaddress)
This seems like a great way to test whether changes to your filters are correct, rather than just waiting to see if anything shows up in fail2ban.log.


One response to “Checking Fail2ban regex”

  1. Mark White Avatar

    Worth noting that the ignore-regex is not picked up from the filter.conf file when one is used. It needs to be quoted separately in the command line as the optional 4th parameter.