team
/
fail2ban-analyze
4
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: team:main
Branches Tags
team:main
..
compare: team:89728fdcbe5d33918654068653749590d89288b3
Branches Tags
team:main

No commits in common. "main" and "89728fdcbe5d33918654068653749590d89288b3" have entirely different histories.
main ... 89728fdcbe

2 changed files with 1 additions and 20 deletions
Show Stats Expand all files Collapse all files

17
README.md
View File

@ -1,17 +0,0 @@
# Fail2ban Analyze
Analyze fail2ban logs to find most common ip's and plot histogram of access rates.
## Example usage
Plot the histogram of the access hits
```
zcat -f /var/log/fail2ban.log* | ./fail2ban-analyze.py histogram
```
Rank IPs by bans, first 20 results
```
zcat -f /var/log/fail2ban.log* | ./fail2ban-analyze.py rank 4 --only-bans --count 20
```
Rank all IPs by bans, clobber by first 2 subnets
```
zcat -f /var/log/fail2ban.log* | ./fail2ban-analyze.py rank 2 --only-bans --count 20
```

4
fail2ban-analyze.py → main.py
View File

@ -75,9 +75,7 @@ else:
num_buckets = (max_date - min_date).total_seconds() / (bucket_size * 3600) num_buckets = (max_date - min_date).total_seconds() / (bucket_size * 3600)
num_buckets = max(1, int(num_buckets)) num_buckets = max(1, int(num_buckets))
counts, bin_edges = np.histogram(timestamps, bins=num_buckets) counts, bin_edges = np.histogram(timestamps, bins=num_buckets)
ts_edges = [datetime.fromtimestamp(t) for t in bin_edges]
labels = [x[0].strftime('%Y-%m-%d %H:%M - ') + x[1].strftime('%Y-%m-%d %H:%M') for x in zip(ts_edges[:-1], ts_edges[1:])]
fig = tpl.figure() fig = tpl.figure()
fig.barh(counts, labels) fig.hist(counts, bin_edges)
fig.show() fig.show()