Here is a tip that might help some people: a way to make fail2ban act on past
log entries, which is also useful for testing.

# Scratch log that only the testing jail reads. Mode 640 keeps the log entries
# copied into it later from being world-readable.
testing_log=/var/log/fail2ban-jail-testing.log
touch "$testing_log"
chmod 640 "$testing_log"



#******
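# Write a dedicated filter for the scratch jail so experiments never touch a
# production filter. The quoted "EOF" delimiter stops the shell from expanding
# anything inside the here-document.
# Replace the failregex placeholder before reloading: fail2ban needs the
# pattern to capture the offending address (normally via the <HOST> tag).
# A pattern can be checked against the log without banning anyone using:
#   fail2ban-regex /var/log/fail2ban-jail-testing.log /etc/fail2ban/filter.d/testing.conf
cat > /etc/fail2ban/filter.d/testing.conf << "EOF"
# Use this for testing different jail config settings without having to mess up
# other jail configs.

[Init]

[Definition]
failregex = your regex here

ignoreregex =

EOF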
#******





#****
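# Append the scratch jail to jail.local, but only once: running the append a
# second time would leave a duplicate [testing] section in the file.
#   maxretry = 2        two matching lines from one address trigger a ban
#   findtime = 7776000  90 days, so entries from older logs still count
#   bantime  = 1000     bans last 1000 seconds
# filter is named explicitly so the jail does not rely on a [DEFAULT] filter
# setting being present.
# NOTE: matches replayed through this jail produce real bans on http/https via
# whatever ban action [DEFAULT] configures. Make sure your own addresses are
# covered by ignoreip before feeding it old logs.
if ! grep -qs '^\[testing\]' /etc/fail2ban/jail.local; then
  cat >> /etc/fail2ban/jail.local << "EOF"

[testing]
enabled = true
filter = testing
port    = http,https
logpath = /var/log/fail2ban-jail-testing.log
maxretry = 2
findtime  = 7776000
bantime = 1000
# Used for testing and / or running against older logs

EOF
fi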
#****




# Adjust the filter and jail above to suit your needs, then have fail2ban pick
# up the new configuration and feed it the log you want to replay.
# /var/log/whateverlog is a placeholder for that log.
# `fail2ban-client status testing` shows what the jail matched and banned.
source_log=/var/log/whateverlog
fail2ban-client reload
cat "$source_log" >> /var/log/fail2ban-jail-testing.log


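# When you're done, truncate the scratch log and leave the testing filter and
# jail intact for the next time you need them. `: >` empties the file to zero
# bytes (echo "" would leave a lone newline) and keeps its mode, so the copied
# log data does not linger.
: > /var/log/fail2ban-jail-testing.log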



Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

