One of the best ways of troubleshooting is to use the fail2ban-regex tool<\/strong>.<\/p>\n\n\n\n Feed this with the log-file you want to watch, and point it to the filter you want applied:<\/p>\n\n\n\n Extra Fun!<\/p>\n\n\n\n You can use this one-liner to parse through your \/var\/log\/messages<\/strong> file and totalize the number of<\/p>\n\n\n\n times a specific IP-address has been attempting to access your machine:<\/p>\n\n\n\n awk \u2018($(NF-7) = \/invalid user\/){print $(NF-3)}\u2019 \/var\/log\/messages | sort | uniq -c | sort<\/p>\n\n\n\n Once you have this listing, you can manually add IP-blocks of the form:<\/p>\n\n\n\n iptables -I INPUT -p tcp -s 83.103.96.33 \u2013dport ssh -j REJECT \u2013reject-with tcp-reset<\/p>\n","protected":false},"excerpt":{"rendered":" Troubleshooting fail2ban One of the best ways of troubleshooting is to use the fail2ban-regex tool. Feed this with the log-file you want to watch, and point it to the filter you want applied: hostname ~ # \/usr\/bin\/fail2ban-regex \/var\/log\/messages \/etc\/fail2ban\/filter.d\/sshd.conf or … Continue reading hostname ~ # \/usr\/bin\/fail2ban-regex \/var\/log\/messages \/etc\/fail2ban\/filter.d\/sshd.conf<\/strong><\/pre>\n\n\n\n
or try this one \"\/usr\/bin\/fail2ban-client status ssh-iptables\"<\/strong><\/pre>\n\n\n\n
--<\/pre>\n\n\n\n