I'm wondering may be it would be better to reassign this bug over to fwlogwatch which was crafted for the purpose of generating such reports? So probably it just needs few rules to parse fail2ban log files... or actually can be just used in fwban action
:-) what do you think?
> apt-cache show fwlogwatch
Package: fwlogwatch
Depends: postfix | mail-transport-agent, debconf (>= 1.2.0) | debconf-2.0,
sysklogd | system-log-daemon, libc6 (>= 2.3.6-6), zlib1g (>= 1:1.2.1)
Description: Firewall log analyzer
fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
Cisco PIX log summary reports in text and HTML form and has a lot of
options to find and display relevant patterns in connection attempts. With
the data found it can also generate customizable incident reports from a
template and send them to abuse contacts at offending sites or CERT
coordination centers. Finally, it can also run as daemon and report
anomalies or start countermeasures.
Tag: devel::library, interface::daemon, role::sw:server,
security::log-analyzer, use::scanning, works-with::logfile
> also sprach Roel van der Made <[EMAIL PROTECTED]> [2006.06.21.1346 +0200]:
> > Indeed, the preparation option would be nice, I now see hosts
> > beeing blocked several times a day and nothing it beeing done with
> > it anymore, which is a shame I think.
> Do note that many of these attacks are auto-mounted. There is very
> little an ISP can do when they receive a complaint about a host that
> has been trojaned, unless their terms of contract require users to
> maintain secure systems, which is impossible to prove or verify.
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
pgpb736027ADb.pgp
Description: PGP signature
