Hi Willi, Sorry for the delay... work work work ;-)
Please get a fresh version http://www.onerussian.com/Linux/fail2ban/logwatch/fail2ban.logwatch.7x.debian.20060508-1.tgz I adjusted parsing script to take care about those cases. Now with default detail level (5) those lines are summarized into: --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans Exim4: [ 0:1 ] 60.50.161.218 0:1 SSH: [ 1:1 ] 192.168.22.27 1:1 13 faulty iptables invocation(s) 1 fail2ban rules reinitialization(s) ---------------------- fail2ban-messages End ------------------------- On high detail level (>5) we get more information: --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans Exim4: [ 0:1 ] 60.50.161.218 0:1 SSH: [ 1:1 ] 192.168.22.27 1:1 Failed 5 7 times 1 Duplicate Ban attempts 1 ReBans due to rules reinitilizations 13 faulty iptables invocation(s): 2006-05-08 14:22:58,554 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 2006-05-08 14:22:58,555 ERROR: Execution of command 'iptables -L INPUT | grep -q fail2ban-SSH' failed 2006-05-08 14:22:58,683 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacks 2006-05-08 14:22:58,731 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacks 2006-05-08 14:22:58,778 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacks 2006-05-08 14:22:58,824 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacks 2006-05-08 14:22:58,918 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-Apache 2006-05-08 14:22:58,965 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-Apache 2006-05-08 14:22:59,011 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-Apache 2006-05-08 14:22:59,059 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-Apache 2006-05-08 14:22:59,107 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-Apache 2006-05-08 14:22:59,247 ERROR: 'iptables -D INPUT -p tcp --dport http -j fail2ban-ApacheAttacksGB 2006-05-08 14:22:59,280 ERROR: 'iptables -D fail2ban-SSH -s '192.168.22.27' -j DROP' returned 256 2006-05-08 14:22:59,326 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH 1 fail2ban rules reinitialization(s) ---------------------- fail2ban-messages End ------------------------- I hope this would be better ;-) Thank you in advance On Tue, 02 May 2006, Willi Mann wrote: > Yaroslav Halchenko schrieb: > >Hi Willi, > >Sorry for a slight delay. I reshaped the files a bit (corrected > >attributions and added licensing statement in both scripts, left config > >files without explicit licensing statements) > >I hope they are ok now > Yes, thanks. Available from > deb http://pkg-logwatch.alioth.debian.org/apt sid main > or > http://pkg-logwatch.alioth.debian.org/apt/pool/main/l/logwatch/logwatch_7.3-0test2.2_all.deb > There are some unmatched entries, which should be ignored or reported: > 5 ERROR: Execution of command 'iptables -L INPUT | grep -q fail2ban-SSH' > failed > 5 ERROR: 'iptables -D fail2ban-SSH -s 'a.b.c.d' -j DROP' returned 256 > 5 ERROR: 'iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH > 5 ERROR: 'iptables -L INPUT | grep -q fail2ban-SSH' returned 256 > 5 ERROR: SSH: a.b.c.d already in ban list > 4 WARNING: #1 reinitialization of firewalls > 1 WARNING: #2 reinitialization of firewalls > 5 WARNING: is not a valid IP address > 5 WARNING: SSH: ReBan a.b.c.d > (the first number is the number of occurences when I used range all on one > machine.) > Can you add the code to handle them? I'm not which to ignore and which to > handle. > Willi -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555]
pgprBSNWkX0ck.pgp
Description: PGP signature
