1FAIL2BAN-REGEX(1) User Commands FAIL2BAN-REGEX(1)
2
6 fail2ban-regex - test Fail2ban "failregex" option
7
9 fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]
10
12 Fail2Ban reads log file that contains password failure report and bans
13 the corresponding IP addresses using firewall rules.
14 This tools can test regular expressions for "fail2ban".
16 LOG:
18 string a string representing a log line
19 filename
21 path to a log file (/var/log/auth.log)
22 systemd-journal
24 search systemd journal (systemd-python required), optionally
25 with backend parameters, see `man jail.conf` for usage and exam‐
26 ples (systemd-journal[journalflags=1]).
27 REGEX:
29 string a string representing a 'failregex'
30 filter name of filter, optionally with options (sshd[mode=aggressive])
32 filename
34 path to a filter file (filter.d/sshd.conf)
35 IGNOREREGEX:
37 string a string representing an 'ignoreregex'
38 filename
40 path to a filter file (filter.d/sshd.conf)
41
43 --version
44 show program's version number and exit
45 -h, --help
47 show this help message and exit
48 -c CONFIG, --config=CONFIG
50 set alternate config directory
51 -d DATEPATTERN, --datepattern=DATEPATTERN
53 set custom pattern used to match date/times
54 --timezone=TIMEZONE, --TZ=TIMEZONE
56 set time-zone used by convert time format
57 -e ENCODING, --encoding=ENCODING
59 File encoding. Default: system locale
60 -r, --raw
62 Raw hosts, don't resolve dns
63 --usedns=USEDNS
65 DNS specified replacement of tags <HOST> in regexp ('yes' -
66 matches all form of hosts, 'no' - IP addresses only)
67 -L MAXLINES, --maxlines=MAXLINES
69 maxlines for multi-line regex.
70 -m JOURNALMATCH, --journalmatch=JOURNALMATCH
72 journalctl style matches overriding filter file. "systemd-jour‐
73 nal" only
74 -l LOG_LEVEL, --log-level=LOG_LEVEL
76 Log level for the Fail2Ban logger to use
77 -V get version in machine-readable short format
79 -v, --verbose
81 Increase verbosity
82 --verbosity=VERBOSE
84 Set numerical level of verbosity (0..4)
85 --verbose-date, --VD
87 Verbose date patterns/regex in output
88 -D, --debuggex
90 Produce debuggex.com urls for debugging there
91 --no-check-all
93 Disable check for all regex's
94 -o OUT, --out=OUT
96 Set token to print failure information only (row, id, ip, msg,
97 host, ip4, ip6, dns, matches, ...)
98 --print-no-missed
100 Do not print any missed lines
101 --print-no-ignored
103 Do not print any ignored lines
104 --print-all-matched
106 Print all matched lines
107 --print-all-missed
109 Print all missed lines, no matter how many
110 --print-all-ignored
112 Print all ignored lines, no matter how many
113 -t, --log-traceback
115 Enrich log-messages with compressed tracebacks
116 --full-traceback
118 Either to make the tracebacks full, not compressed (as by
119 default)
120
122 Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contribu‐
123 tions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester
124 (sebres).
125
127 Report bugs to https://github.com/fail2ban/fail2ban/issues
128
130 Copyright © 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
131 Copyright of modifications held by their respective authors. Licensed
132 under the GNU General Public License v2 (GPL).
133
135 fail2ban-client(1) fail2ban-server(1) jail.conf(5)
136fail2ban-regex 0.11.2 November 2020 FAIL2BAN-REGEX(1)