mirror of
https://github.com/agresdominik/f2b_parser.git
synced 2026-04-21 10:01:55 +00:00
88 lines
2.2 KiB
Markdown
88 lines
2.2 KiB
Markdown
# Fail2Ban Log Parser
|
|
|
|
## About
|
|
|
|
This is a mini weekend project i did as one of my first steps in learning golang. The binary takes a f2b log file as input and a output directory as output, in which it creates a parsed.json and state.json file. Parsed.json contains the logs in a structured file and state.json is the metadata used to track at which point the parser last checked and if the file rolled over (log files tend to wipe after a certain amount of rows or create copies of themselfes while wiping their contents.)
|
|
|
|
## Usage
|
|
|
|
To build the project run
|
|
|
|
```bash
|
|
make build
|
|
```
|
|
|
|
This will create a binary: `bin/parser`
|
|
|
|
Once you run the binary you will get the usage menu:
|
|
```
|
|
Usage: ./bin/parser --destDir=<dir> --source=<file>
|
|
-d string
|
|
Destination Directory (shorthand)
|
|
-destDir string
|
|
Destination Directory
|
|
-s string
|
|
Source Log File (shorthand)
|
|
-source string
|
|
Source Log File
|
|
```
|
|
|
|
Lets say you have the following structure:
|
|
|
|
```
|
|
├── fail2ban/
|
|
├── parser
|
|
└── raw-logs/
|
|
└── fail2ban.log
|
|
```
|
|
|
|
You can run the parser:
|
|
```
|
|
./parser -destDir=./fail2ban -source=./raw-logs/fail2ban.log
|
|
```
|
|
|
|
The parser will read the source file and create `parsed.json`and `state.json` in your destination directory. _*If destination directory does not exist, the parser will try to create it._
|
|
|
|
`parsed.json` will have the following structure:
|
|
|
|
```
|
|
[
|
|
{
|
|
"timestamp": "2025-10-19 00:00:01,810",
|
|
"handler": "fail2ban.server",
|
|
"level": "INFO",
|
|
"source": "",
|
|
"ipAddress": "",
|
|
"message": ""
|
|
},
|
|
...
|
|
]
|
|
```
|
|
|
|
You can import this in grafana or any other tool to analyse further.
|
|
|
|
`state.json` will look like this:
|
|
|
|
```
|
|
{
|
|
"offset": 3703746,
|
|
"size": 6079112
|
|
}
|
|
```
|
|
|
|
Offset is the size in Bytes of how far the fail2ban.log file was read when the command was run the last time.
|
|
|
|
Size is the tracker of the parsed log file size in Bytes. - I have implemented this for myself to have an overview, maybe one day I will write rollover logic based on this.
|
|
|
|
|
|
## More
|
|
|
|
To read more about this project and how i made a Grafana dashboard you can read it on [My Blog](https://agres.online/blog/bruteforce)
|
|
|
|
|
|
## Developed with
|
|
|
|
- make
|
|
- go 1.25.3
|
|
- linux
|