Web Analytics Made Easy -
StatCounter Fail2Ban with geolocation data - CodingForum

Announcement

Collapse
No announcement yet.

Fail2Ban with geolocation data

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fail2Ban with geolocation data

    If you are using Fail2Ban on debian, there is sample code that you can integrate with IP2Location in order to geolocate the bad IP.

    The output will look like this:
    12.54.6.78 (US, United States, California, Mountain View [37.405992, -122.078515] ZIP: 94043 TZ: -07:00)

    Code:
    # Fail2BanIP2Location.py
    import re
    
    import IP2Location;
    
    IP2LocObj = IP2Location.IP2Location();
    IP2LocObj.open("PATH/TO/IP2LOCATION/BIN/DATABASE");
    
    f = open('/var/log/fail2ban.log', 'r')
    pattern = r".*?Ban\s*?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))$"
    p = re.compile(pattern)
    for i in f:
    	m = p.match(i)
    	if m:
    		ip = m.group(1)
    		rec = IP2LocObj.get_all(ip);
    		print "%s (%s, %s, %s, %s [%s, %s] ZIP: %s TZ: %)" % (ip, rec.country_short, rec.country_long, rec.region, rec.city, rec.latutude, rec.longtiude, rec.zipcode, rec.timezone)
    Source of tutorial
Working...
X