I would say, you should only call
 x.readlog
and not
 puts x.readlog

You call puts in the method, which gives you the desired output. The 'raw'
output is the return value of the readlog method, which you don't want to be
printed.


2011/8/14 Panagiotis Atmatzidis <ml / convalesco.org>

> Greeting to everyone from Greece!
>
> I'm writing a string which will make a list of 'fail2ban.log' captured IP
> addresses dump them into SQLite and then display some statistics via
> Sinatra. I'm using scan() method to grab the needed lines. The lines I'd
> like to grab are like this:
> --
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Ban 78.xxx.xxx.17x
> --
> Although these are ssh brute-force login attempts I'd switch numbers with
> 'x' letters in the above sample.
>
> A typical fail2ban.log file is like this:
>
> --
> 2011-07-23 02:03:50,741 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
> 2011-07-23 02:03:50,743 fail2ban.jail   : INFO   Creating new jail 'ssh-ipfw'
> 2011-07-23 02:03:50,745 fail2ban.jail   : INFO   Jail 'ssh-ipfw' uses poller
> 2011-07-23 02:03:50,853 fail2ban.filter : INFO   Added logfile = /var/log/secure.log
> 2011-07-23 02:03:50,856 fail2ban.filter : INFO   Set maxRetry = 3
> 2011-07-23 02:03:50,859 fail2ban.filter : INFO   Set findtime = 600
> 2011-07-23 02:03:50,861 fail2ban.actions: INFO   Set banTime = 600
> 2011-07-23 02:03:51,030 fail2ban.jail   : INFO   Jail 'ssh-ipfw' started
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Ban 78.xxx.xxx.17x
> 2011-07-23 02:14:51,441 fail2ban.actions: WARNING [ssh-ipfw] Unban 78.xxx.xxx.17x
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Ban <ip>
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Ban <ip>
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Ban <ip>
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Unban  <ip>
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Unban  <ip>
> 2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Unban  <ip>
> --
>
> Here is my script so far:
>
> class Myzonereport
>  attr_reader :logfile
>
>  def initialize(logfile)
>   raise "No fail2ban log file found!" if (logfile.empty?)
>   @logfile = logfile
>  end
>
>  def readlog
>   puts "I can't read the log file" unless (File.readable?(@logfile) || File.empty?(@logfile))
>   log = File.read(@logfile)
>
>   log.scan(/^(\d{4}-\d\d-\d\d).*?(\d{2}:\d{2}:\d{2},\d{3}).*?(Ban).*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/).each do |date, time, string, ip|
>       puts "id: #{time} | date: #{date} | IP: #{ip}"
>   end
>  end
>
> end
>
> x = Myzonereport.new('fail2ban.log')
> puts x.readlog
>
>
> My problem though is that the output is printed 2 times. The first time in
> the form I want using puts and a second time in 'raw mode'. Like this:
> --
> id: 23:37:50,235 | date: 2011-08-09 | IP: <ip>
> id: 02:09:32,868 | date: 2011-08-10 | IP: <ip>
>
> 2011-07-23
> 02:04:51,107
> Ban
> <ip>
> 2011-07-23
> 05:22:45,963
> Ban
> <ip>
> 2011-07-23
> 12:07:25,377
> Ban
> <ip>
> […]
>
> I can't tell why this happens. Should I use another method in order to grab
> the pattern I want? Is this scan's default behavior? I'm getting same
> results if I don't use any (puts or other) method in the loop.
>
> Best Regards & thanks in advance for your time
>
> --
> Panagiotis Atmatzidis
>
> personal: atma / convalesco.org
> lists: ml / convalesco.org
> blog: http://www.convalesco.org
>
> The wise man said: "Never argue with an idiot. They bring you down to their
> level and beat you with experience."
>
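An added example, not code from either poster in this thread: it separates parsing from printing, so the method's return value is data to store or count rather than something that gets echoed by a stray puts, and it checks each captured address before it would go into a database. The names `BAN_LINE`, `BanEvent`, `parse_bans`, `ban_counts` and `report` are hypothetical, and the sample log is constructed in the format quoted above using documentation addresses.

```ruby
require 'ipaddr'

# Constructed sample in the log format quoted in the thread.
SAMPLE_LOG = <<~LOG
  2011-07-23 02:03:51,030 fail2ban.jail   : INFO   Jail 'ssh-ipfw' started
  2011-07-23 02:04:51,107 fail2ban.actions: WARNING [ssh-ipfw] Ban 192.0.2.17
  2011-07-23 02:14:51,441 fail2ban.actions: WARNING [ssh-ipfw] Unban 192.0.2.17
  2011-07-23 05:22:45,963 fail2ban.actions: WARNING [ssh-ipfw] Ban 198.51.100.23
  2011-07-23 12:07:25,377 fail2ban.actions: WARNING [ssh-ipfw] Ban 999.1.1.1
  2011-07-24 01:00:00,000 fail2ban.actions: WARNING [ssh-ipfw] Ban 192.0.2.17
LOG

# Whole-line match: timestamp, the actions logger, jail name, "Ban", address.
# The literal "] Ban" cannot match "Unban" lines.
BAN_LINE = /^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d,\d{3}) fail2ban\.actions *: WARNING +\[([\w-]+)\] Ban +([0-9a-fA-F:.]+)$/

BanEvent = Struct.new(:date, :time, :jail, :ip)

# True only if the captured text parses as an IPv4/IPv6 address.
def valid_ip?(text)
  IPAddr.new(text)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Returns an array of BanEvent and prints nothing.
def parse_bans(text)
  text.scan(BAN_LINE).filter_map do |date, time, jail, ip|
    BanEvent.new(date, time, jail, ip) if valid_ip?(ip)
  end
end

# Ban count per address, most frequent first, ties ordered by address string.
def ban_counts(events)
  events.map(&:ip).tally.sort_by { |ip, n| [-n, ip] }
end

# Printing lives here only; returns nil rather than the event array.
def report(events)
  events.each { |e| puts "id: #{e.time} | date: #{e.date} | IP: #{e.ip}" }
  nil
end

if __FILE__ == $PROGRAM_NAME
  events = parse_bans(SAMPLE_LOG)
  report(events)
  ban_counts(events).each { |ip, n| puts "#{ip}: #{n} ban(s)" }
end
```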