[RFE]: expose "Found <IP>" via API #3548
Comments
By the way, maybe this RFE will also be interesting here - #2304 (especially see #2304 (comment))
Why cron? Fail2ban has a recidive jail (it's rudimentary, but anyway), whose filter currently monitors fail2ban.log for bans to find recidive, but one can rewrite its failregex to consider
https://github.com/WKnak/fail2ban-block-ip-range supports (dynamic) aggregation of found IPs into networks up to /24. The "recidive" jail only supports blocking of 1 particular IP. Since I introduced this in addition to watching postfix/postscreen jails, it has reduced traffic on related ports and also postfix log lines a lot.
I want to improve https://github.com/WKnak/fail2ban-block-ip-range, which currently screens the last 1000 log lines of fail2ban output for "Found" entries and acts on them. This is somewhat inefficient when done every 5 minutes via cron or a systemd timer.
I've checked the content of fail2ban's SQLite database and only found information on banned IPs inside.
I assume the list of "Found <IP>" is only stored in memory, so is it possible to expose this via the client somehow, like
fail2ban-client get <JAIL> foundip [<SEP>|--with-time]
similar to the 'banip' selector?
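Until such a getter exists, the log scan described above can at least be made incremental. The following is an added example, not code from fail2ban or fail2ban-block-ip-range: it resumes from a saved byte offset instead of re-reading the last 1000 lines and groups "Found" IPs per jail into /24 networks. It assumes the default fail2ban.log line layout and IPv4 only; the function names, the `min_hosts` threshold and the sample log lines are constructed for illustration.

```python
import io
import ipaddress
import re
from collections import defaultdict

# Assumed default fail2ban.log layout for filter hits:
#   <date> fail2ban.filter [<pid>]: INFO [<jail>] Found <ip> - <time>
FOUND_RE = re.compile(
    r"fail2ban\.filter\s+\[\d+\]: INFO\s+\[(?P<jail>[^\]]+)\] Found (?P<ip>\S+)")

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = (
    b"2023-07-20 10:15:32,101 fail2ban.filter  [1234]: INFO    [postfix] Found 192.0.2.15 - 2023-07-20 10:15:32\n"
    b"2023-07-20 10:15:40,552 fail2ban.filter  [1234]: INFO    [postfix] Found 192.0.2.77 - 2023-07-20 10:15:40\n"
    b"2023-07-20 10:16:02,009 fail2ban.actions [1234]: NOTICE  [postfix] Ban 198.51.100.9\n"
    b"2023-07-20 10:16:11,310 fail2ban.filter  [1234]: INFO    [postfix] Found 192.0.2.200 - 2023-07-20 10:16:11\n"
    b"2023-07-20 10:16:30,870 fail2ban.filter  [1234]: INFO    [postfix] Found 203.0.113.5 - 2023-07-20 10:16:30\n"
)

def read_found(log, offset=0):
    """Return ([(jail, ip), ...], new_offset) for complete lines after offset."""
    log.seek(0, io.SEEK_END)
    if log.tell() < offset:          # file shrank: rotated or truncated, start over
        offset = 0
    log.seek(offset)
    hits = []
    while True:
        line = log.readline()
        if not line.endswith(b"\n"):  # EOF or half-written line: retry on next run
            break
        offset = log.tell()
        m = FOUND_RE.search(line.decode("utf-8", "replace"))
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:            # hostname or garbage in the IP position
            continue
        if ip.version == 4:
            hits.append((m["jail"], ip))
    return hits, offset

def aggregate(hits, prefix=24, min_hosts=3):
    """Map (jail, network) -> distinct host count, for networks with >= min_hosts."""
    nets = defaultdict(set)
    for jail, ip in hits:
        nets[(jail, ipaddress.ip_network(f"{ip}/{prefix}", strict=False))].add(ip)
    return {(j, str(n)): len(s) for (j, n), s in nets.items() if len(s) >= min_hosts}

if __name__ == "__main__":
    found, pos = read_found(io.BytesIO(SAMPLE_LOG))
    print(aggregate(found), "next offset:", pos)
```

Persist the returned offset between runs (for example in a state file) and open the real log in binary mode so the offsets stay byte-accurate.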