Last active
March 12, 2021 15:38
-
-
Save lucamauri/e121d2ff1bfc65f3366f5505f7d1f6e1 to your computer and use it in GitHub Desktop.
Fail2Ban format description for LNav utility
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://lnav.org/schemas/format-v1.schema.json", | |
| "fail2ban_log": { | |
| "title": "Fail2Ban Actions Log", | |
| "description": "The log that summarizes the actions of Fail2Ban application.", | |
| "url": "https://www.fail2ban.org/", | |
| "multiline": false, | |
| "regex": { | |
| "f2b-found": { | |
| "pattern": "(?<timestamp>.*) (?<module>fail2ban)\\.(?<feature>.*[^ ])[ \\t]+\\[.*\\]\\: (?<level>.*[^ ])[ \\t]+.* \\[(?<service>.*)\\] (?<action>Found) (?<host>\\S+)" | |
| }, | |
| "f2b-ban": { | |
| "pattern": "(?<timestamp>.*) (?<module>fail2ban)\\.(?<feature>.*[^ ])[ \\t]+\\[.*\\]\\: (?<level>.*[^ ])[ \\t]+.* \\[(?<service>.*)\\] (?<action>Ban) (?<host>\\S+)" | |
| }, | |
| "f2b-unban": { | |
| "pattern": "(?<timestamp>.*) (?<module>fail2ban)\\.(?<feature>.*[^ ])[ \\t]+\\[.*\\]\\: (?<level>.*[^ ])[ \\t]+.* \\[(?<service>.*)\\] (?<action>Unban) (?<host>\\S+)" | |
| } | |
| }, | |
| "body-field": "feature", | |
| "level-field": "level", | |
| "module-field": "module", | |
| "level": { | |
| "info": "INFO", | |
| "warning": "NOTICE" | |
| }, | |
| "value": { | |
| "feature": { | |
| "kind": "string", | |
| "identifier": true, | |
| "description": "The Fail2Ban feature in action" | |
| }, | |
| "host": { | |
| "kind": "string", | |
| "collate": "ipaddress", | |
| "identifier": true, | |
| "description": "The client IP address" | |
| }, | |
| "action": { | |
| "kind": "string", | |
| "identifier": true, | |
| "description": "The action being performed by Fail2Ban" | |
| }, | |
| "service": { | |
| "kind": "string", | |
| "identifier": true, | |
| "description": "The service that generated the entry" | |
| } | |
| }, | |
| "sample": [ | |
| { | |
| "line": "2021-03-07 00:02:35,052 fail2ban.actions [517]: NOTICE [sshd] Ban 221.181.185.143", | |
| "level": "warning" | |
| }, | |
| { | |
| "line": "2021-03-07 00:06:06,331 fail2ban.filter [517]: INFO [sshd] Found 49.234.219.217 - 2021-03-07 00:06:05", | |
| "level": "info" | |
| }, | |
| { | |
| "line": "2021-03-07 00:11:37,892 fail2ban.actions [517]: NOTICE [sshd] Unban 222.93.19.206", | |
| "level": "info" | |
| } | |
| ] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment