@ph1ash
Last active August 10, 2018 04:40
Python3 script to geo-locate fail2ban logs and then JSONify the data. NOTE: Depends on the command 'geoiplookup'
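#!/usr/bin/python3
import json
import subprocess

logFile = '/var/log/fail2ban.log'
banList = []
banListGeo = {}

with open(logFile) as f:
    content = f.readlines()

for line in content:
    fields = line.strip().split()
    # The IP is the token right after "Ban"; a fixed index breaks on
    # "Restore Ban <ip>" entries and on older log layouts.
    if 'Ban' not in fields[:-1]:
        continue
    ip = fields[fields.index('Ban') + 1]
    banList.append(ip)
    # List-form argv: the value read from the log never reaches a shell.
    result = subprocess.run(["geoiplookup", ip], stdout=subprocess.PIPE)
    # Expected first line: "GeoIP Country Edition: US, United States".
    # Keep the full country name; lookups without one become "Unknown".
    lines = result.stdout.decode("utf-8").strip().splitlines()
    first = lines[0] if lines else ''
    country = first.split(', ', 1)[1] if ', ' in first else 'Unknown'
    if country not in banListGeo:
        banListGeo[country] = 1
    else:
        banListGeo[country] += 1

print(json.dumps(banListGeo))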
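An added example, not part of the original gist: the two parsing steps the script relies on, written as functions that can be checked offline against constructed log lines and constructed `geoiplookup` output. The function names, the sample data, and the choice to count `Restore Ban` entries as bans are assumptions made here.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the common fail2ban.log layout (not real data).
SAMPLE_LOG = """\
2018-08-09 10:01:02,345 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2018-08-09 10:05:40,101 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.7
2018-08-09 11:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Restore Ban 198.51.100.23
2018-08-09 11:02:13,777 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.55
2018-08-09 11:03:00,001 fail2ban.filter [812]: INFO [sshd] Found 192.0.2.99
2018-08-09 11:04:00,001 fail2ban.actions [812]: NOTICE [sshd] Ban --help
""".splitlines()

# Constructed stand-in for geoiplookup output, keyed by IP.
SAMPLE_GEO = {
    "203.0.113.7": "GeoIP Country Edition: US, United States\n",
    "198.51.100.23": "GeoIP Country Edition: NL, Netherlands\n",
    "192.0.2.55": "GeoIP Country Edition: IP Address not found\n",
}

BAN_RE = re.compile(r"\s(?:Restore )?Ban (\S+)\s*$")
GEO_RE = re.compile(r"^GeoIP Country Edition: ([A-Z0-9]{2}), (.+)$", re.M)

def parse_ban_ip(line):
    """Return the banned IP from a log line, or None if it is not a ban entry."""
    m = BAN_RE.search(line)
    if not m:
        return None
    try:
        # Reject anything that is not a literal IPv4/IPv6 address, so a
        # malformed token can never be handed to geoiplookup as an option.
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None

def parse_geoip_country(output):
    """Return the full country name, or "Unknown" when the lookup found none."""
    m = GEO_RE.search(output)
    return m.group(2).strip() if m else "Unknown"

def count_bans_by_country(lines, lookup):
    """lookup(ip) returns geoiplookup-style text; SAMPLE_GEO.get works offline."""
    counts = Counter()
    for line in lines:
        ip = parse_ban_ip(line)
        if ip is not None:
            counts[parse_geoip_country(lookup(ip) or "")] += 1
    return dict(counts)
```

On a live host, `lookup` would be a function that runs `geoiplookup` with the validated IP and returns its decoded stdout.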