Provided by: fail2ban_1.1.0-7_all
NAME
fail2ban-regex - test Fail2ban "failregex" option
SYNOPSIS
fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]
DESCRIPTION
Fail2Ban reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules. This tools can test regular expressions for "fail2ban". LOG: string a string representing a log line filename path to a log file (/var/log/auth.log) systemd-journal search systemd journal (systemd-python required), optionally with backend parameters, see `man jail.conf` for usage and examples (systemd-journal[journalflags=1]). REGEX: string a string representing a 'failregex' filter name of filter, optionally with options (sshd[mode=aggressive]) filename path to a filter file (filter.d/sshd.conf) IGNOREREGEX: string a string representing an 'ignoreregex' filename path to a filter file (filter.d/sshd.conf)
OPTIONS
--version show program's version number and exit -h, --help show this help message and exit -c CONFIG, --config=CONFIG set alternate config directory -d DATEPATTERN, --datepattern=DATEPATTERN set custom pattern used to match date/times --timezone=TIMEZONE, --TZ=TIMEZONE set time-zone used by convert time format -e ENCODING, --encoding=ENCODING File encoding. Default: system locale -r, --raw Raw hosts, don't resolve dns --usedns=USEDNS DNS specified replacement of tags <HOST> in regexp ('yes' - matches all form of hosts, 'no' - IP addresses only) -L MAXLINES, --maxlines=MAXLINES maxlines for multi-line regex. -m JOURNALMATCH, --journalmatch=JOURNALMATCH journalctl style matches overriding filter file. "systemd-journal" only -l LOG_LEVEL, --log-level=LOG_LEVEL Log level for the Fail2Ban logger to use -V get version in machine-readable short format -v, --verbose Increase verbosity --verbosity=VERBOSE Set numerical level of verbosity (0..4) --verbose-date, --VD Verbose date patterns/regex in output -D, --debuggex Produce debuggex.com urls for debugging there --no-check-all Disable check for all regex's -o OUT, --out=OUT Set token to print failure information only (row, id, ip, msg, host, ip4, ip6, dns, matches, ...) --print-no-missed Do not print any missed lines --print-no-ignored Do not print any ignored lines --print-all-matched Print all matched lines --print-all-missed Print all missed lines, no matter how many --print-all-ignored Print all ignored lines, no matter how many -t, --log-traceback Enrich log-messages with compressed tracebacks --full-traceback Either to make the tracebacks full, not compressed (as by default)
AUTHOR
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).
REPORTING BUGS
Report bugs to https://github.com/fail2ban/fail2ban/issues
COPYRIGHT
Copyright © 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors Copyright of modifications held by their respective authors. Licensed under the GNU General Public License v2 (GPL).
SEE ALSO
fail2ban-client(1) fail2ban-server(1) jail.conf(5)