My logs go to /var/log/messages so something like:egrep 'fail2.*NOTICE' /var/log/messages*will go back over all your logs picking out the bans and unbans. It can be refined if you want bans only. Nick On 19/10/2015 20:12, Bond Masuda wrote:
I'm using fail2ban on my server; mainly for stuff like ssh, imap, apache, etc. I'm working on another tool that tries to detect intrusions, and I want to be able to see if the IP address was previously banned by fail2ban, how long ago, and for what (which filter)?Is it possible to find this information after an IP address has been unbanned due to timeout? Thanks. ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users |
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
