team
/
fail2ban-analyze
4
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: team:89728fdcbe5d33918654068653749590d89288b3
Branches Tags
team:main
...
compare: team:main
Branches Tags
team:main

3 Commits
89728fdcbe ... main

Author SHA1 Message Date
Enrico Lumetti c0bfb4b0e1 Use -f option for zcat example 2021-09-17 23:55:52 +02:00
Enrico Lumetti 60ba7ad89c Add README 2021-09-17 23:54:02 +02:00
Enrico Lumetti 4f02522166 Better histogram 2021-09-17 23:50:53 +02:00
2 changed files with 20 additions and 1 deletions
Show Stats Expand all files Collapse all files

17
README.md Normal file
View File

@ -0,0 +1,17 @@
# Fail2ban Analyze
Analyze fail2ban logs to find most common ip's and plot histogram of access rates.
## Example usage
Plot the histogram of the access hits
```
zcat -f /var/log/fail2ban.log* | ./fail2ban-analyze.py histogram
```
Rank IPs by bans, first 20 results
```
zcat -f /var/log/fail2ban.log* | ./fail2ban-analyze.py rank 4 --only-bans --count 20
```
Rank all IPs by bans, clobber by first 2 subnets
```
zcat -f /var/log/fail2ban.log* | ./fail2ban-analyze.py rank 2 --only-bans --count 20
```

4
main.py → fail2ban-analyze.py
View File

@ -75,7 +75,9 @@ else:
num_buckets = (max_date - min_date).total_seconds() / (bucket_size * 3600) num_buckets = (max_date - min_date).total_seconds() / (bucket_size * 3600)
num_buckets = max(1, int(num_buckets)) num_buckets = max(1, int(num_buckets))
counts, bin_edges = np.histogram(timestamps, bins=num_buckets) counts, bin_edges = np.histogram(timestamps, bins=num_buckets)
ts_edges = [datetime.fromtimestamp(t) for t in bin_edges]
labels = [x[0].strftime('%Y-%m-%d %H:%M - ') + x[1].strftime('%Y-%m-%d %H:%M') for x in zip(ts_edges[:-1], ts_edges[1:])]
fig = tpl.figure() fig = tpl.figure()
fig.hist(counts, bin_edges) fig.barh(counts, labels)
fig.show() fig.show()