Fail2Ban Log Parser
About
This is a mini weekend project i did as one of my first steps in learning golang. The binary takes a f2b log file as input and a output directory as output, in which it creates a parsed.json and state.json file. Parsed.json contains the logs in a structured file and state.json is the metadata used to track at which point the parser last checked and if the file rolled over (log files tend to wipe after a certain amount of rows or create copies of themselfes while wiping their contents.)
Usage
To build the project run
make build
This will create a binary: bin/parser
Once you run the binary you will get the usage menu:
Usage: ./bin/parser --destDir=<dir> --source=<file>
-d string
Destination Directory (shorthand)
-destDir string
Destination Directory
-s string
Source Log File (shorthand)
-source string
Source Log File
Lets say you have the following structure:
├── fail2ban/
├── parser
└── raw-logs/
└── fail2ban.log
You can run the parser:
./parser -destDir=./fail2ban -source=./raw-logs/fail2ban.log
The parser will read the source file and create parsed.jsonand state.json in your destination directory. *If destination directory does not exist, the parser will try to create it.
parsed.json will have the following structure:
[
{
"timestamp": "2025-10-19 00:00:01,810",
"handler": "fail2ban.server",
"level": "INFO",
"source": "",
"ipAddress": "",
"message": ""
},
...
]
You can import this in grafana or any other tool to analyse further.
state.json will look like this:
{
"offset": 3703746,
"size": 6079112
}
Offset is the size in Bytes of how far the fail2ban.log file was read when the command was run the last time.
Size is the tracker of the parsed log file size in Bytes. - I have implemented this for myself to have an overview, maybe one day I will write rollover logic based on this.
More
To read more about this project and how i made a Grafana dashboard you can read it on My Blog
Developed with
- make
- go 1.25.3
- linux