fail2ban.server.datetemplate module

class fail2ban.server.datetemplate.DateEpoch(lineBeginOnly=False, pattern=None, longFrm=False)

Bases: DateTemplate

A date template which searches for Unix timestamps.

This includes Unix timestamps which appear at start of a line, optionally within square braces (nsd), or on SELinux audit log lines.

Attributes:
name
regex

Regex used to search for date.

Methods

getDate(line[, dateMatch, default_tz])

Method to return the date for a log line.

matchDate(line, *args)

Check if regex for date matches on a log line.

setRegex(regex[, wordBegin, wordEnd])

Sets regex to use for searching for date in log line.

getRegex

unboundPattern

getDate(line, dateMatch=None, default_tz=None)

Method to return the date for a log line.

Parameters:
line : str

Log line from which the date should be extracted.

default_tz: ignored, Unix timestamps are time zone independent
Returns:
(float, str)

Tuple containing a Unix timestamp, and the string of the date which was matched and in turn used to calculate the timestamp.

class fail2ban.server.datetemplate.DatePatternRegex(pattern=None, **kwargs)

Bases: DateTemplate

Date template, with regex/pattern

Parameters:
pattern : str

Sets the date template's pattern.

Attributes:
name
regex

Regex used to search for date.

pattern

The pattern used for regex with strptime “%” time fields.

Methods

getDate(line[, dateMatch, default_tz])

Method to return the date for a log line.

matchDate(line, *args)

Check if regex for date matches on a log line.

setRegex(pattern[, wordBegin, wordEnd])

Sets regex to use for searching for date in log line.

getRegex

unboundPattern

getDate(line, dateMatch=None, default_tz=None)

Method to return the date for a log line.

This uses a custom version of strptime, using the named groups from the instance's pattern property.

Parameters:
line : str

Log line from which the date should be extracted.

default_tz: optionally used to correct timezone
Returns:
(float, str)

Tuple containing a Unix timestamp, and the string of the date which was matched and in turn used to calculate the timestamp.

property pattern

The pattern used for regex with strptime “%” time fields.

This should be a valid regular expression; the string it matches will be extracted from the log line. strptime style “%” fields will be replaced by appropriate regular expressions; alternatively, custom regex groups named after the strptime fields can be used instead.

setRegex(pattern, wordBegin=True, wordEnd=True)

Sets regex to use for searching for date in log line.

Parameters:
regex : str

The regex the template will use for searching for a date.

wordBegin : bool

Defines whether the regex should be modified to search at the beginning of a word, by adding the special boundary r'(?=^|\b|\W)' to the start of the regex. Can be disabled by specifying ** at the front of the regex. Default True.

wordEnd : bool

Defines whether the regex should be modified to search at the end of a word, by adding the special boundary r'(?=\b|\W|$)' to the end of the regex. Can be disabled by specifying ** at the end of the regex. Default True.

Raises:
re.error

If regular expression fails to compile

class fail2ban.server.datetemplate.DateTai64n(wordBegin=False)

Bases: DateTemplate

A date template which matches TAI64N format timestamps.

Attributes:
name
regex

Regex used to search for date.

Methods

getDate(line[, dateMatch, default_tz])

Method to return the date for a log line.

matchDate(line, *args)

Check if regex for date matches on a log line.

setRegex(regex[, wordBegin, wordEnd])

Sets regex to use for searching for date in log line.

getRegex

unboundPattern

getDate(line, dateMatch=None, default_tz=None)

Method to return the date for a log line.

Parameters:
line : str

Log line from which the date should be extracted.

default_tz: ignored, since TAI is time zone independent
Returns:
(float, str)

Tuple containing a Unix timestamp, and the string of the date which was matched and in turn used to calculate the timestamp.

class fail2ban.server.datetemplate.DateTemplate

Bases: object

A template which searches for and returns a date from a log line.

This is a non-functional abstract class which other templates should inherit from.

Attributes:
name
regex

Regex used to search for date.

Methods

getDate(line[, dateMatch, default_tz])

Abstract method, which should return the date for a log line

matchDate(line, *args)

Check if regex for date matches on a log line.

setRegex(regex[, wordBegin, wordEnd])

Sets regex to use for searching for date in log line.

getRegex

unboundPattern

LINE_BEGIN = 8
LINE_END = 4
WORD_BEGIN = 2
WORD_END = 1
abstract getDate(line, dateMatch=None, default_tz=None)

Abstract method, which should return the date for a log line

This should return the date for a log line, typically taking the date from the part of the line which matched the template's regex. This method is abstract, so it just raises an exception.

Parameters:
line : str

Log line from which the date should be extracted.

default_tz: if no explicit time zone is present in the line, passing this will interpret it as in that time zone.

Raises:
NotImplementedError

Abstract method, therefore always raises this.

getRegex()
matchDate(line, *args)

Check if regex for date matches on a log line.

property regex

Regex used to search for date.

setRegex(regex, wordBegin=True, wordEnd=True)

Sets regex to use for searching for date in log line.

Parameters:
regex : str

The regex the template will use for searching for a date.

wordBegin : bool

Defines whether the regex should be modified to search at the beginning of a word, by adding the special boundary r'(?=^|\b|\W)' to the start of the regex. Can be disabled by specifying ** at the front of the regex. Default True.

wordEnd : bool

Defines whether the regex should be modified to search at the end of a word, by adding the special boundary r'(?=\b|\W|$)' to the end of the regex. Can be disabled by specifying ** at the end of the regex. Default True.

Raises:
re.error

If regular expression fails to compile
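
The effect of the wordBegin and wordEnd boundaries described for setRegex (here and under DatePatternRegex), as an added example that is not fail2ban's own code. The helper bound(), its simplified handling of the ** opt-out, and the 10-digit EPOCH pattern are assumptions for illustration; the log lines are constructed.

```python
import re

# Boundary look-aheads as quoted in the setRegex parameter descriptions.
WORD_BEGIN = r'(?=^|\b|\W)'
WORD_END = r'(?=\b|\W|$)'


def bound(regex, word_begin=True, word_end=True):
    """Hypothetical helper (not fail2ban code): apply the documented
    boundaries, treating a leading/trailing ** as the opt-out marker."""
    if regex.startswith('**'):
        regex, word_begin = regex[2:], False
    if regex.endswith('**'):
        regex, word_end = regex[:-2], False
    if word_begin:
        regex = WORD_BEGIN + regex
    if word_end:
        regex = regex + WORD_END
    return re.compile(regex)


def first_match(compiled, line):
    """Return the text of the first date match in line, or None."""
    m = compiled.search(line)
    return m.group(0) if m else None


EPOCH = r'\d{10}'  # assumed 10-digit Unix timestamp pattern, illustration only

# Constructed log lines: digits that look like a timestamp sit inside
# longer tokens ahead of (or instead of) the real one.
LINES = [
    'req=ab1699999999cd ts=1700000500 auth failure from 192.0.2.10',
    'session 17000005001234 opened',
    '[1700000500] refused connect from 192.0.2.10',
]


def compare(lines=LINES):
    """Pair the unbounded and the bounded result for each line."""
    unbounded = bound(EPOCH, word_begin=False, word_end=False)
    bounded = bound(EPOCH)
    return [(first_match(unbounded, l), first_match(bounded, l)) for l in lines]


if __name__ == '__main__':
    for line, (loose, strict) in zip(LINES, compare()):
        print(f'{line!r}\n  unbounded={loose} bounded={strict}')
```

Without the boundaries the first line yields digits from inside the request token and the second yields a truncated session number; with them, only a run of digits that stands as its own word is taken as the date.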

static unboundPattern(pattern)