Hello,

Thanks for the reply,

On 14 Ԧ 2011, at 9:06 .., Bartosz Dziewoski wrote:

> I re-read your mail and realized that I don't really understand what
> you're trying to accomplish, and my previous mail wasn't probably
> really useful. Sorry.

I don't blame you for that, neither would I probably.

> 
> -- Matma Rex
> 



Here's a better explanation:

-------------------------------------

$ sed 's/[0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}/(127.0.0.1)/' <fail2ban.log > fail2ban.log
$ cat fail2ban.log

2011-08-07 23:32:09,210 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-08-07 23:32:09,237 fail2ban.jail   : INFO   Creating new jail 'ssh-ipfw'
2011-08-07 23:32:09,239 fail2ban.jail   : INFO   Jail 'ssh-ipfw' uses poller
2011-08-07 23:32:09,373 fail2ban.filter : INFO   Added logfile = /var/log/secure.log
2011-08-07 23:32:09,376 fail2ban.filter : INFO   Set maxRetry = 3
2011-08-07 23:32:09,379 fail2ban.filter : INFO   Set findtime = 600
2011-08-07 23:32:09,381 fail2ban.actions: INFO   Set banTime = 600
2011-08-07 23:32:09,659 fail2ban.jail   : INFO   Jail 'ssh-ipfw' started
2011-08-08 07:37:00,199 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-08 07:37:04,328 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-08 07:47:00,650 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-08 07:47:05,248 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-09 00:25:38,918 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-09 00:35:39,631 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-09 03:58:18,229 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-09 04:08:18,904 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-09 06:04:18,785 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-09 06:14:19,403 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-09 09:43:32,351 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-09 09:53:32,964 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-09 23:07:48,462 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-09 23:17:49,334 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-09 23:37:50,235 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-09 23:47:50,446 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-10 02:09:32,868 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-10 02:19:33,067 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-10 13:41:46,288 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-10 13:51:47,117 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-10 22:50:44,647 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-10 23:00:45,106 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-10 23:18:48,976 fail2ban.actions: WARNING [ssh-ipfw] Ban 127.0.0.1
2011-08-10 23:28:49,140 fail2ban.actions: WARNING [ssh-ipfw] Unban 127.0.0.1
2011-08-11 07:32:36,636 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-08-11 07:32:36,664 fail2ban.jail   : INFO   Creating new jail 'ssh-ipfw'
2011-08-11 07:32:36,666 fail2ban.jail   : INFO   Jail 'ssh-ipfw' uses poller
2011-08-11 07:32:36,800 fail2ban.filter : INFO   Added logfile = /var/log/secure.log
2011-08-11 07:32:36,802 fail2ban.filter : INFO   Set maxRetry = 3
2011-08-11 07:32:36,806 fail2ban.filter : INFO   Set findtime = 600
2011-08-11 07:32:36,808 fail2ban.actions: INFO   Set banTime = 600
2011-08-11 07:32:36,974 fail2ban.jail   : INFO   Jail 'ssh-ipfw' started  
 

$ cat myzonereport.rb

#!/usr/bin/env ruby
# encoding: UTF-8

# ZoneReport version v.02-alpha
# atma / convalesco.org

#require 'socket'

class Myzonereport
  attr_reader :logfile
  
  def initialize(logfile)
    raise "No fail2ban log file found!" if (logfile.empty?)
    @logfile = logfile
    @list = Hash.new
  end
  
  def readlog
    puts "I can't read the log file" unless (File.readable?(@logfile) || File.empty?(@logfile))
    log = File.read(@logfile)
    log.scan(/^(\d{4}-\d\d-\d\d).*?(\d{2}:\d{2}:\d{2},\d{3}).*?(Ban).*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/).each do |date, time, string, ip|
        puts "id: #{time} | date: #{date} | IP: #{ip}"
    end
  end
  
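  # Rotate the log: move it to "<name>-YYYY-MM-DD.log" and start a fresh, empty file.
  def rename
    time = Time.new
    date = time.strftime("%Y-%m-%d")
    if (File.exist?(@logfile) && File.readable?(@logfile))
      File.rename(@logfile, @logfile + "-" + date + '.log')
      # Open in write mode so the new file is created; close the handle right away.
      File.new(@logfile, 'w').close
    else
      puts "File '#{@logfile}' does not exist or it's not readable!"
    end
  end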
  
  
  
end

x = Myzonereport.new('fail2ban.log')
puts x.readlog
 

$ ruby myzonereport.rb

atma@angel:/Volumes/atmosx/Programming/test/ > ruby myzonereport.rb 
id: 07:37:00,199 | date: 2011-08-08 | IP: 127.0.0.1
id: 07:37:04,328 | date: 2011-08-08 | IP: 127.0.0.1
id: 00:25:38,918 | date: 2011-08-09 | IP: 127.0.0.1
id: 03:58:18,229 | date: 2011-08-09 | IP: 127.0.0.1
id: 06:04:18,785 | date: 2011-08-09 | IP: 127.0.0.1
id: 09:43:32,351 | date: 2011-08-09 | IP: 127.0.0.1
id: 23:07:48,462 | date: 2011-08-09 | IP: 127.0.0.1
id: 23:37:50,235 | date: 2011-08-09 | IP: 127.0.0.1
id: 02:09:32,868 | date: 2011-08-10 | IP: 127.0.0.1
id: 13:41:46,288 | date: 2011-08-10 | IP: 127.0.0.1
id: 22:50:44,647 | date: 2011-08-10 | IP: 127.0.0.1
id: 23:18:48,976 | date: 2011-08-10 | IP: 127.0.0.1
2011-08-08
07:37:00,199
Ban
127.0.0.1
2011-08-08
07:37:04,328
Ban
127.0.0.1
2011-08-09
00:25:38,918
Ban
127.0.0.1
2011-08-09
03:58:18,229
Ban
127.0.0.1
2011-08-09
06:04:18,785
Ban
127.0.0.1
2011-08-09
09:43:32,351
Ban
127.0.0.1
2011-08-09
23:07:48,462
Ban
127.0.0.1
2011-08-09
23:37:50,235
Ban
127.0.0.1
2011-08-10
02:09:32,868
Ban
127.0.0.1
2011-08-10
13:41:46,288
Ban
127.0.0.1
2011-08-10
22:50:44,647
Ban
127.0.0.1
2011-08-10
23:18:48,976
Ban
127.0.0.1

-------------------------------------

I would like the output to be just:

id: 07:37:00,199 | date: 2011-08-08 | IP: 127.0.0.1
id: 07:37:04,328 | date: 2011-08-08 | IP: 127.0.0.1
id: 00:25:38,918 | date: 2011-08-09 | IP: 127.0.0.1
id: 03:58:18,229 | date: 2011-08-09 | IP: 127.0.0.1
id: 06:04:18,785 | date: 2011-08-09 | IP: 127.0.0.1
id: 09:43:32,351 | date: 2011-08-09 | IP: 127.0.0.1
id: 23:07:48,462 | date: 2011-08-09 | IP: 127.0.0.1
id: 23:37:50,235 | date: 2011-08-09 | IP: 127.0.0.1
id: 02:09:32,868 | date: 2011-08-10 | IP: 127.0.0.1
id: 13:41:46,288 | date: 2011-08-10 | IP: 127.0.0.1
id: 22:50:44,647 | date: 2011-08-10 | IP: 127.0.0.1
id: 23:18:48,976 | date: 2011-08-10 | IP: 127.0.0.1


Hope this example makes the issue more clear.

Best Regards!


--
Panagiotis Atmatzidis

personal: atma / convalesco.org
lists: ml / convalesco.org
blog: http://www.convalesco.org

The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."
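
Added example, not part of the original post: a variant for the fail2ban 0.8.4 log format shown above that separates parsing from printing. `Array#each` returns the array it iterated and `puts` prints every element of a nested array on its own line, so `puts x.readlog` emits the raw captures after the formatted lines; here the methods return data and the caller prints once. The names `BAN_LINE`, `parse_bans`, `report`, `bans_per_ip` and the sample addresses (documentation ranges) are constructed for illustration.

```ruby
# Constructed sample in the fail2ban 0.8.x log format shown in the post.
SAMPLE_LOG = <<~LOG
  2011-08-08 07:36:59,100 fail2ban.jail   : INFO   Jail 'ssh-ipfw' started
  2011-08-08 07:37:00,199 fail2ban.actions: WARNING [ssh-ipfw] Ban 192.0.2.10
  2011-08-08 07:47:00,650 fail2ban.actions: WARNING [ssh-ipfw] Unban 192.0.2.10
  2011-08-09 00:25:38,918 fail2ban.actions: WARNING [ssh-ipfw] Ban 198.51.100.7
  2011-08-09 03:58:18,229 fail2ban.actions: WARNING [ssh-ipfw] Ban 192.0.2.10
LOG

# Anchored at both ends so only complete Ban lines from fail2ban.actions match.
BAN_LINE = /^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d,\d{3}) fail2ban\.actions\s*: WARNING \[([^\]]+)\] Ban (\d{1,3}(?:\.\d{1,3}){3})$/

# Return data instead of printing: one hash per Ban event.
def parse_bans(text)
  text.scan(BAN_LINE).map do |date, time, jail, ip|
    { date: date, time: time, jail: jail, ip: ip }
  end
end

# Formatting is separate from parsing; the caller decides whether to print.
def report(bans)
  bans.map { |b| "id: #{b[:time]} | date: #{b[:date]} | IP: #{b[:ip]}" }
end

# Repeat offenders: number of bans per source address.
def bans_per_ip(bans)
  bans.group_by { |b| b[:ip] }.transform_values(&:size)
end

# The cause of the doubled output: each hands back the very array it walked.
def each_returns_receiver?(text)
  matches = text.scan(BAN_LINE)
  matches.each { |_| }.equal?(matches)
end

if __FILE__ == $PROGRAM_NAME
  bans = parse_bans(SAMPLE_LOG)
  puts report(bans)                       # formatted lines, printed exactly once
  bans_per_ip(bans).each { |ip, n| puts "#{ip}: #{n} ban(s)" }
end
```
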