Fail2ban IPs visualized using IPinfo CLI and Summary tool

I installed Fail2Ban in one of my VMs the other day. It is really fun to check out the IP addresses trying to access the VM.

The code is pretty basic:

cat /var/log/fail2ban.log | ipinfo grepip -o | curl -XPOST --data-binary @- "ipinfo.io/tools/summarize-ips?cli=1"

cat /var/log/fail2ban.log

First, you output the contents of the fail2ban log.

ipinfo grepip -o

Use the IPinfo CLI’s grepip command to grep all the IP addresses.

curl -XPOST --data-binary @- "ipinfo.io/tools/summarize-ips?cli=1"

You post that to the IPinfo summary tool’s API endpoint.

This will generate a JSON response:

{
  "status": "Report Generated",
  "reportUrl": "https://ipinfo.io/tools/summarize-ips/8f6f9e20-0c14-40d2-bbbb-61b9b9f6a095"
}

You just visit the link to your IP summary report: IP Summarization Results of 3748 IPs - IPinfo.io

You can also do bulk enrichment. Here I am doing that for all the banned IPs:

cat /var/log/fail2ban.log | grep Ban | ipinfo grepip -o | ipinfo bulk -c > data.csv
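The pipelines above pass every matching line along, so an IP that was banned several times is sent several times, and `grep Ban` also matches the "Restore Ban" lines fail2ban writes when it reapplies bans after a restart. The following is an added example, not part of the original post: it counts fresh bans per jail and IP and emits a de-duplicated IP list for the enrichment step. The function names and the sample log are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample in the fail2ban.log line format (documentation IP ranges).
sample_log() {
cat <<'EOF'
2024-05-01 10:15:32,101 fail2ban.filter         [812]: INFO    [sshd] Found 198.51.100.7 - 2024-05-01 10:15:31
2024-05-01 10:15:33,220 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-01 10:25:33,410 fail2ban.actions        [812]: NOTICE  [sshd] Unban 198.51.100.7
2024-05-01 11:02:10,007 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-01 11:40:55,310 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 203.0.113.44
2024-05-01 12:00:01,001 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 192.0.2.19
2024-05-01 12:05:09,554 fail2ban.actions        [812]: WARNING [sshd] 198.51.100.7 already banned
2024-05-01 12:30:00,900 fail2ban.actions        [812]: NOTICE  [sshd] Ban 2001:db8::1f
EOF
}

# ban_counts: read a fail2ban log on stdin and print "<fresh bans> <jail> <ip>"
# for every (jail, ip) pair. "Restore Ban" lines register the IP with a count
# of 0; Found, Unban and "already banned" lines are ignored.
ban_counts() {
  awk '
    $3 == "fail2ban.actions" {
      if ($7 == "Ban" && NF == 8)                         { ip = $8; fresh = 1 }
      else if ($7 == "Restore" && $8 == "Ban" && NF == 9) { ip = $9; fresh = 0 }
      else next
      jail = substr($6, 2, length($6) - 2)   # strip the [ ] around the jail name
      n[jail " " ip] += fresh
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# banned_ips: unique banned IPs, one per line, ready for the enrichment step.
banned_ips() {
  ban_counts | awk '{ print $3 }' | LC_ALL=C sort -u
}

# Real use, with the bulk command from the post:
#   banned_ips < /var/log/fail2ban.log | ipinfo bulk -c > data.csv
sample_log | ban_counts
```

Sending each address once keeps the upload to the summary or bulk endpoint as small as the set of distinct sources, and the per-jail counts show which service is attracting the repeat offenders.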