Last active
August 10, 2018 04:40
-
-
Save ph1ash/3353d473656dd195a709a8f27a261872 to your computer and use it in GitHub Desktop.
Python3 script to geo-locate fail2ban logs and then JSONify the data. NOTE: Depends on the command 'geoiplookup'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import json | |
| import subprocess | |
| logFile = '/var/log/fail2ban.log' | |
| banList = [] | |
| banListGeo = {} | |
| with open(logFile) as f: | |
| content = f.readlines() | |
| for line in content: | |
| if 'Ban' in line: | |
| fields = line.strip().split() | |
| banList.append(fields[7]) | |
| result = subprocess.run(["geoiplookup", fields[7]], stdout=subprocess.PIPE) | |
| country = result.stdout.strip().split()[4].decode("utf-8") | |
| if country not in banListGeo: | |
| banListGeo[country] = 1 | |
| else: | |
| banListGeo[country] += 1 | |
| print(json.dumps(banListGeo)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment