Create a gist now

Instantly share code, notes, and snippets.

#!/bin/bash
# get a country statistic for Fail2Ban blocks:
# this just accounts for IPs once. Multiple failed attempts by one IP just show up once for a country.
for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."`;
do
echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ;
done
cat fail2ban_ctry.log | sed 's/country: //g' |sort | uniq -c | sort -nr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment