|
1
|
|
|
<?php declare(strict_types=1); |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* ___ _ |
|
5
|
|
|
* | _ \__ _ _ _ __| |___ __ _ |
|
6
|
|
|
* | _/ _` | '_(_-< / _ \/ _` | |
|
7
|
|
|
* |_| \__,_|_| /__/_\___/\__, | |
|
8
|
|
|
* |___/ |
|
9
|
|
|
* |
|
10
|
|
|
* (c) Kristuff <[email protected]> |
|
11
|
|
|
* |
|
12
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
13
|
|
|
* file that was distributed with this source code. |
|
14
|
|
|
* |
|
15
|
|
|
* @version 0.7.2 |
|
16
|
|
|
* @copyright 2017-2021 Kristuff |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Kristuff\Parselog\Software; |
|
20
|
|
|
|
|
21
|
|
|
use Kristuff\Parselog\Core\LogEntryFactoryInterface; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Sample log line (fail2ban v0.10.2) |
|
25
|
|
|
* 2020-08-15 10:11:15,839 fail2ban.actions [6924]: NOTICE [_apache_hack] Ban 1.2.3.4 |
|
26
|
|
|
* 2020-08-14 10:44:57,101 fail2ban.utils [6924]: Level 39 7f3d4c0a78c8 -- exec: [\'f2bV_matches=$0 \n/usr/sbin/abuseipdb -R "1.2.3.4" -c "11" -m "$f2bV_matches"', \'Aug 14 10:44:54 kristuff postfix/smtpd[15598]: NOQUEUE: reject: RCPT from unknown[1.2.3.4] 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-6HF4HIGXJRE>\'] |
|
27
|
|
|
*/ |
|
28
|
|
|
class Fail2BanLogParser extends SoftwareLogParser |
|
29
|
|
|
{ |
|
30
|
|
|
/** |
|
31
|
|
|
* Constructor |
|
32
|
|
|
* |
|
33
|
|
|
* @access public |
|
34
|
|
|
* @param string $format |
|
35
|
|
|
* @param LogEntryFactoryInterface $factory |
|
36
|
|
|
* |
|
37
|
|
|
* @return void |
|
38
|
|
|
*/ |
|
39
|
|
|
public function __construct(string $format = null, LogEntryFactoryInterface $factory = null) |
|
40
|
|
|
{ |
|
41
|
|
|
$this->software = 'Fail2ban'; |
|
42
|
|
|
$this->prettyName = 'Fail2ban'; |
|
43
|
|
|
$this->addFormat('default', '%t %s %p %l %j %m'); |
|
44
|
|
|
$this->defaultFormat = '%t %s %p %l %j %m'; |
|
45
|
|
|
$this->timeFormat = 'Y-m-d'; |
|
46
|
|
|
|
|
47
|
|
|
$this->addPath("/var/log/"); |
|
48
|
|
|
$this->addFile("fail2ban.log"); |
|
49
|
|
|
|
|
50
|
|
|
$this->addPattern('%t', '(?P<time>[\d \-:]+)(,\d+)'); |
|
51
|
|
|
$this->addPattern('%s', '(?P<service>[\w\d\. :]+(|\s+))'); |
|
52
|
|
|
$this->addPattern('%p', '\[(?P<pid>\d+)\]:'); |
|
53
|
|
|
$this->addPattern('%l ', '(?P<level>(Level \d+|DEBUG|INFO|NOTICE|WARNING|ERROR|CRITICAL)(:|\s+))'); |
|
54
|
|
|
$this->addPattern('%j ', '(\[(?P<jail>\S+)\] )?'); |
|
55
|
|
|
$this->addPattern('%m', '(?P<message>.+)'); |
|
56
|
|
|
|
|
57
|
|
|
parent::__construct($format, $factory); |
|
58
|
|
|
} |
|
59
|
|
|
} |
kristuff /
parselog
