fail2ban/man/fail2ban-regex.1

138 lines
3.7 KiB
Groff

.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH FAIL2BAN-REGEX "1" "November 2020" "fail2ban-regex 0.11.2" "User Commands"
.SH NAME
fail2ban-regex \- test Fail2ban "failregex" option
.SH SYNOPSIS
.B fail2ban-regex
[\fI\,OPTIONS\/\fR] \fI\,<LOG> <REGEX> \/\fR[\fI\,IGNOREREGEX\/\fR]
.SH DESCRIPTION
Fail2Ban reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
.PP
This tools can test regular expressions for "fail2ban".
.SS "LOG:"
.TP
string
a string representing a log line
.TP
filename
path to a log file (\fI\,/var/log/auth.log\/\fP)
.TP
systemd\-journal
search systemd journal (systemd\-python required),
optionally with backend parameters, see `man jail.conf`
for usage and examples (systemd\-journal[journalflags=1]).
.SS "REGEX:"
.TP
string
a string representing a 'failregex'
.TP
filter
name of filter, optionally with options (sshd[mode=aggressive])
.TP
filename
path to a filter file (filter.d/sshd.conf)
.SS "IGNOREREGEX:"
.TP
string
a string representing an 'ignoreregex'
.TP
filename
path to a filter file (filter.d/sshd.conf)
.SH OPTIONS
.TP
\fB\-\-version\fR
show program's version number and exit
.TP
\fB\-h\fR, \fB\-\-help\fR
show this help message and exit
.TP
\fB\-c\fR CONFIG, \fB\-\-config\fR=\fI\,CONFIG\/\fR
set alternate config directory
.TP
\fB\-d\fR DATEPATTERN, \fB\-\-datepattern\fR=\fI\,DATEPATTERN\/\fR
set custom pattern used to match date/times
.TP
\fB\-\-timezone\fR=\fI\,TIMEZONE\/\fR, \fB\-\-TZ\fR=\fI\,TIMEZONE\/\fR
set time\-zone used by convert time format
.TP
\fB\-e\fR ENCODING, \fB\-\-encoding\fR=\fI\,ENCODING\/\fR
File encoding. Default: system locale
.TP
\fB\-r\fR, \fB\-\-raw\fR
Raw hosts, don't resolve dns
.TP
\fB\-\-usedns\fR=\fI\,USEDNS\/\fR
DNS specified replacement of tags <HOST> in regexp
('yes' \- matches all form of hosts, 'no' \- IP
addresses only)
.TP
\fB\-L\fR MAXLINES, \fB\-\-maxlines\fR=\fI\,MAXLINES\/\fR
maxlines for multi\-line regex.
.TP
\fB\-m\fR JOURNALMATCH, \fB\-\-journalmatch\fR=\fI\,JOURNALMATCH\/\fR
journalctl style matches overriding filter file.
"systemd\-journal" only
.TP
\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fI\,LOG_LEVEL\/\fR
Log level for the Fail2Ban logger to use
.TP
\fB\-V\fR
get version in machine\-readable short format
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Increase verbosity
.TP
\fB\-\-verbosity\fR=\fI\,VERBOSE\/\fR
Set numerical level of verbosity (0..4)
.TP
\fB\-\-verbose\-date\fR, \fB\-\-VD\fR
Verbose date patterns/regex in output
.TP
\fB\-D\fR, \fB\-\-debuggex\fR
Produce debuggex.com urls for debugging there
.TP
\fB\-\-no\-check\-all\fR
Disable check for all regex's
.TP
\fB\-o\fR OUT, \fB\-\-out\fR=\fI\,OUT\/\fR
Set token to print failure information only (row, id,
ip, msg, host, ip4, ip6, dns, matches, ...)
.TP
\fB\-\-print\-no\-missed\fR
Do not print any missed lines
.TP
\fB\-\-print\-no\-ignored\fR
Do not print any ignored lines
.TP
\fB\-\-print\-all\-matched\fR
Print all matched lines
.TP
\fB\-\-print\-all\-missed\fR
Print all missed lines, no matter how many
.TP
\fB\-\-print\-all\-ignored\fR
Print all ignored lines, no matter how many
.TP
\fB\-t\fR, \fB\-\-log\-traceback\fR
Enrich log\-messages with compressed tracebacks
.TP
\fB\-\-full\-traceback\fR
Either to make the tracebacks full, not compressed (as
by default)
.SH AUTHOR
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
Many contributions by Yaroslav O. Halchenko, Steven Hiscocks, Sergey G. Brester (sebres).
.SH "REPORTING BUGS"
Report bugs to https://github.com/fail2ban/fail2ban/issues
.SH COPYRIGHT
Copyright \(co 2004\-2008 Cyril Jaquier, 2008\- Fail2Ban Contributors
.br
Copyright of modifications held by their respective authors.
Licensed under the GNU General Public License v2 (GPL).
.SH "SEE ALSO"
.br
fail2ban-client(1)
fail2ban-server(1)
jail.conf(5)