@mpochron
Last active November 1, 2021 00:19
Maltrail - integration with Fail2ban
; /etc/fail2ban/jail.local
[maltrail-iptables]
enabled = true
; must be the basename of the filter file below, /etc/fail2ban/filter.d/maltrial.conf
filter = maltrial
; one year, in seconds
bantime = 31536000
action = iptables-allports[name=MALTRAIL, protocol=all]
;action = vesta[name=MALTRAIL]
; Maltrail writes one log file per day (YYYY-MM-DD.log) next to error.log;
; fail2ban expands globs in logpath, so this covers every daily log but not error.log
logpath = /var/log/maltrail/[0-9]*.log
maxretry = 1

# Alternative to the glob: print a logpath line for the newest daily log only (skipping
# error.log), e.g. from a cron job that regenerates jail.local each day
echo "logpath = /var/log/maltrail/$(ls -1t /var/log/maltrail | grep -v '^error\.log$' | head -1)"
# /etc/fail2ban/filter.d/maltrial.conf
#
# Fail2Ban filter for maltrail
#
[Definition]
# Maltrail log line layout assumed by these patterns:
#   time sensor src_ip src_port dst_ip[,dst_ip...] dst_port[,dst_port...] proto type trail info reference
# <HOST> is fail2ban's own host pattern and already matches the whole source address;
# appending an IPv4 pattern after it makes <HOST> capture only a leading part of the
# address, so the wrong host is handed to the ban action. The second pattern covers
# entries whose ports are "-" (ICMP).
failregex = (.*) <HOST> [0-9,]* ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* [0-9,]* (.*)
            (.*) <HOST> \- ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* \- (.*)
ignoreregex =
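To check what the filter actually extracts, here is an added script (not part of the gist) that substitutes `<HOST>` the way fail2ban's filter code does and runs both the first failregex in its original form (the one shown in the fail2ban-regex output below) and a corrected filter over constructed Maltrail log lines. The `HOST_TAG` expansion, the log layout and the sample lines are assumptions made for this example.

```python
import re

# fail2ban's own expansion of the <HOST> tag (as in its 0.9.x filter.py); assumed here.
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
IPV4 = r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"
DST = r"(" + IPV4 + r"(|,))*"  # comma-joined destination list, as in the gist's filter

# First failregex in its original form: an IPv4 pattern is appended right after <HOST>.
ORIGINAL = [r"(.*) (<HOST>" + IPV4 + r") [0-9,]* " + DST + r" [0-9,]* (.*)"]
# Corrected filter: <HOST> alone is the source address; the second line covers "-" (ICMP) ports.
FIXED = [r"(.*) <HOST> [0-9,]* " + DST + r" [0-9,]* (.*)",
         r"(.*) <HOST> \- " + DST + r" \- (.*)"]

def expand(failregex):
    """Substitute <HOST> exactly as fail2ban does and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_TAG))

def banned_hosts(failregexes, lines):
    """Return, per matching log line, the <host> value fail2ban would hand to the ban action."""
    patterns = [expand(f) for f in failregexes]
    hosts = []
    for line in lines:
        for rx in patterns:
            m = rx.search(line)
            if m:
                hosts.append(m.group("host"))
                break
    return hosts

# Constructed sample lines in Maltrail's daily-log layout as the filter assumes it:
# time sensor src_ip src_port dst_ip[,dst_ip] dst_port[,dst_port] proto type trail info reference
SAMPLE_LINES = [
    "2016-08-12 10:15:23.456789 sensor1 198.51.100.23 54321 203.0.113.9 80 TCP IP 203.0.113.9 known attacker (static)",
    "2016-08-12 10:16:01.000001 sensor1 203.0.113.45 40000 198.51.100.9,198.51.100.10 443,8443 TCP IP 198.51.100.9 malware distribution (feed)",
    "2016-08-12 10:17:00.000000 sensor1 192.0.2.77 - 198.51.100.9 - ICMP IP 198.51.100.9 scanner (feed)",
]

if __name__ == "__main__":
    # With the original pattern <host> ends up holding only a prefix of the source address:
    print("original:", banned_hosts(ORIGINAL, SAMPLE_LINES))  # ['19', '20']
    print("fixed:   ", banned_hosts(FIXED, SAMPLE_LINES))     # ['198.51.100.23', '203.0.113.45', '192.0.2.77']
```

The original pattern still reports every line as matched, which is why fail2ban-regex's hit count alone does not reveal the problem; `--print-all-matched` or a check like this one does.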
root@host:/etc/fail2ban/filter.d# fail2ban-regex /var/log/maltrail/2016-08-12.log /etc/fail2ban/filter.d/maltrial.conf --print-all-missed
Running tests
=============
Use failregex filter file : maltrial, basedir: /etc/fail2ban
Use log file : /var/log/maltrail/2016-08-12.log
Use encoding : UTF-8
Results
=======
Failregex: 548 total
|- #) [# of hits] regular expression
| 1) [545] (.*) (<HOST>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) [0-9,]* ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* [0-9,]* (.*)
| 2) [3] (.*) (<HOST>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) \- ((?:[0-9]{1,3}\.){3}[0-9]{1,3}(|,))* \- (.*)
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [548] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-
Lines: 548 lines, 0 ignored, 548 matched, 0 missed [processed in 0.07 sec]