View Single Post
Old 25th May 2010, 12:27
MET MET is offline
Junior Member
Join Date: May 2010
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts

Originally Posted by make-fun View Post
What is the output of
grep -h "Ban " /var/log/fail2ban.log* | awk '{print $5,$1}' | sort | uniq -c
grep -h "already banned" /var/log/fail2ban.log* | awk '{print $5,$1}' | sort | uniq -c
grep -h "Unban " /var/log/fail2ban.log* | awk '{print $5,$1}' | sort | uniq -c
Do they match?
I'm not sure whether I understand these commands, but they didn't show anything on the CLI. It could also be that I made in the meantime a reload. After the attack I checked the files
host.deny this one was empty and host.allow contained the IP which attacked before. I interpreted this to be the result of the action command which unbaned with bantime = 600 the IP after 10 min.
Reply With Quote