agresdominik/f2b_parser
1
0
Fork 0
mirror of https://github.com/agresdominik/f2b_parser.git synced 2026-04-21 18:05:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

added file size in metadata

Browse Source
This commit is contained in:
Dominik
2025-11-04 12:11:54 +01:00
parent d018b9bf1f
commit 321422d1d7
7 changed files with 118 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+87
View File
@@ -0,0 +1,87 @@
# Fail2Ban Log Parser
## About
This is a mini weekend project i did as one of my first steps in learning golang. The binary takes a f2b log file as input and a output directory as output, in which it creates a parsed.json and state.json file. Parsed.json contains the logs in a structured file and state.json is the metadata used to track at which point the parser last checked and if the file rolled over (log files tend to wipe after a certain amount of rows or create copies of themselfes while wiping their contents.)
## Usage
To build the project run
```bash
make build
```
This will create a binary: `bin/parser`
Once you run the binary you will get the usage menu:
```
Usage: ./bin/parser --destDir=<dir> --source=<file>
-d string
Destination Directory (shorthand)
-destDir string
Destination Directory
-s string
Source Log File (shorthand)
-source string
Source Log File
```
Lets say you have the following structure:
```
├── fail2ban/
├── parser
└── raw-logs/
└── fail2ban.log
```
You can run the parser:
```
./parser -destDir=./fail2ban -source=./raw-logs/fail2ban.log
```
The parser will read the source file and create `parsed.json`and `state.json` in your destination directory. _*If destination directory does not exist, the parser will try to create it._
`parsed.json` will have the following structure:
```
[
{
"timestamp": "2025-10-19 00:00:01,810",
"handler": "fail2ban.server",
"level": "INFO",
"source": "",
"ipAddress": "",
"message": ""
},
...
]
```
You can import this in grafana or any other tool to analyse further.
`state.json` will look like this:
```
{
"offset": 3703746,
"size": 6079112
}
```
Offset is the size in Bytes of how far the fail2ban.log file was read when the command was run the last time.
Size is the tracker of the parsed log file size in Bytes. - I have implemented this for myself to have an overview, maybe one day I will write rollover logic based on this.
## More
To read more about this project and how i made a Grafana dashboard you can read it on [My Blog](https://agres.online/blog/bruteforce)
## Developed with
- make
- go 1.25.3
- linux