Small script to parse fail2ban's log files and extract the IP banned in

all log.
2014-12-05 10:25:23 +01:00 · 2014-12-05 10:25:23 +01:00 · 00e9c3e781
parent d0e710ba1e
commit 00e9c3e781
1 changed files with 43 additions and 0 deletions
--- a/block_list.sh
+++ b/block_list.sh
@ -0,0 +1,43 @@
+#!/bin/sh
+
+# Parse multiple fail2ban log files to list all the IP that should be banned.
+# The log files comes from many different host and we want a big block list.
+
+# The block list to create
+blk_list='/tmp/blk_list'
+
+log_path='/var/log/clients/fail2ban'
+
+rm -f "${blk_list}" && touch "${blk_list}"
+
+# Log files to analyze
+for log_file in $(find ${log_path} ! -iname "*.gz" -type f); do
+
+  #printf 'Analyze %s file\n' "${log_file}"
+
+  # Analyze the lines of this log file
+  while read -r line; do
+
+    #printf 'l: %s\n' "${line}"
+    # SAME
+    #awk '{print $"$line"}'
+
+    action=$(echo $line | awk '{ print $8 }')
+    ip=$(echo $line | awk '{ print $NF }')
+
+    case $action in
+      "Ban" )
+        printf '%s\n' "${ip}" >> "${blk_list}"
+        ;;
+      "Unban" )
+        #printf 'Unban %s\n' "${ip}"
+        sed -i '/'"${ip}"'/d' "${blk_list}"
+        ;;
+    esac
+
+  done < "${log_file}"
+
+  #printf 'Last action: %s\n' $action
+  #printf 'Last IP: %s\n' $ip
+
+done # End for log_file