1
|
|
|
<?php declare(strict_types=1); |
2
|
|
|
|
3
|
|
|
/** |
4
|
|
|
* ___ _ |
5
|
|
|
* | _ \ __ _ _ _ ___ ___ | | ___ __ _ |
6
|
|
|
* | _// _` || '_|(_-</ -_)| |/ _ \/ _` | |
7
|
|
|
* |_| \__,_||_| /__/\___||_|\___/\__, | |
8
|
|
|
* |___/ |
9
|
|
|
* |
10
|
|
|
* (c) Kristuff <[email protected]> |
11
|
|
|
* |
12
|
|
|
* For the full copyright and license information, please view the LICENSE |
13
|
|
|
* file that was distributed with this source code. |
14
|
|
|
* |
15
|
|
|
* @version 0.2.0 |
16
|
|
|
* @copyright 2017-2020 Kristuff |
17
|
|
|
*/ |
18
|
|
|
|
19
|
|
|
namespace Kristuff\Parselog\Software; |
20
|
|
|
|
21
|
|
|
use Kristuff\Parselog\Core\LogEntryFactoryInterface; |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* Sample log line (fail2ban v0.10.2) |
25
|
|
|
* 2020-08-15 10:11:15,839 fail2ban.actions [6924]: NOTICE [_apache_hack] Ban 51.159.19.61 |
26
|
|
|
* 2020-08-14 10:44:57,101 fail2ban.utils [6924]: Level 39 7f3d4c0a78c8 -- exec: [\'f2bV_matches=$0 \n/usr/sbin/abuseipdb -R "156.96.56.103" -c "11" -m "$f2bV_matches" >> /tmp/abuseipdb-ftb-last-command.txt\', \'Aug 14 10:44:54 kristuff postfix/smtpd[15598]: NOQUEUE: reject: RCPT from unknown[156.96.56.103] 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<WIN-6HF4HIGXJRE>\'] |
27
|
|
|
*/ |
28
|
|
|
class Fail2BanLogParser extends SoftwareLogParser |
29
|
|
|
{ |
30
|
|
|
/** |
31
|
|
|
* Constructor |
32
|
|
|
* |
33
|
|
|
* @access public |
34
|
|
|
* @param string $format |
35
|
|
|
* @param LogEntryFactoryInterface $factory |
36
|
|
|
* |
37
|
|
|
* @return void |
38
|
|
|
*/ |
39
|
|
|
public function __construct(string $format = null, LogEntryFactoryInterface $factory = null) |
40
|
|
|
{ |
41
|
|
|
$this->software = 'Fail2ban'; |
42
|
|
|
$this->prettyName = 'Fail2ban'; |
43
|
|
|
$this->addFormat('default', '%t %s %p %l %m'); |
44
|
|
|
$this->defaultFormat = '%t %s %p %l %m'; |
45
|
|
|
$this->addPath("/var/log/"); |
46
|
|
|
$this->addFile("fail2ban.log"); |
47
|
|
|
// '%d' => '(?P<date>[\d \-,:]+)', |
48
|
|
|
$this->addColumn('%t', 'time', 'Date', '(?P<time>[\d \-:]+)(,\d+)'); |
49
|
|
|
$this->addColumn('%s', 'service', 'Service', '(?P<service>[\w\d\. :]+(|\s+))'); |
50
|
|
|
$this->addColumn('%p', 'pid', 'PID', '\[(?P<pid>\d+)\]:'); |
51
|
|
|
$this->addColumn('%l', 'level', 'Level', '(?P<level>(Level \d+|DEBUG|INFO|NOTICE|WARNING|ERROR|CRITICAL)(|\s+))'); |
52
|
|
|
$this->addColumn('%m', 'message', 'Message', '(?P<message>.+)'); |
53
|
|
|
|
54
|
|
|
parent::__construct($format, $factory); |
55
|
|
|
} |
56
|
|
|
} |