I installed Fail2Ban in one of my VMs the other day. It is really fun to check out the IP addresses trying to access the VM.
The code is pretty basic:
cat /var/log/fail2ban.log | ipinfo grepip -o | curl -XPOST --data-binary @- "ipinfo.io/tools/summarize-ips?cli=1"
cat /var/log/fail2ban.log
You extract the fail2ban logs.
ipinfo grepip -o
Use the IPinfo CLI’s grepip command to grep all the IP addresses.
curl -XPOST --data-binary @- "ipinfo.io/tools/summarize-ips?cli=1"
You post that to the IPinfo summary tool’s API endpoint.
This will generate a JSON response:
{
"status": "Report Generated",
"reportUrl": "https://ipinfo.io/tools/summarize-ips/8f6f9e20-0c14-40d2-bbbb-61b9b9f6a095"
}
You just visit the link to your IP summary report: IP Summarization Results of 3748 IPs - IPinfo.io
You can also do bulk enrichment. Here I am doing that for all the banned IPs:
cat /var/log/fail2ban.log | grep Ban | ipinfo grepip -o | ipinfo bulk -c > data.csv
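The grep Ban filter above passes every line containing "Ban", so an address that was banned several times is sent for enrichment once per log line. As an added example (not part of the original post; the function names ban_counts and unique_banned_ips and the sample log lines are constructed for illustration), this counts new bans per jail and address and produces a de-duplicated list:

```shell
#!/usr/bin/env bash
# Added example: count new Ban events per jail and IP in a fail2ban log.

# Constructed sample in fail2ban's log layout; the addresses come from the
# documentation ranges (RFC 5737), not from real traffic.
sample_log() {
cat <<'EOF'
2024-05-01 10:00:01,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:01
2024-05-01 10:00:03,412 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:10:03,600 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 10:12:44,020 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:15:09,330 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 198.51.100.23
2024-05-01 11:00:00,002 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 203.0.113.7
2024-05-01 11:02:10,518 fail2ban.actions        [812]: WARNING [sshd] 192.0.2.44 already banned
EOF
}

# ban_counts: read a log on stdin, print "count jail ip", most-banned first.
# Only new bans count: the field right after "[jail]" must be exactly "Ban",
# so Found, Unban, "Restore Ban" (replayed on restart) and "already banned"
# lines are skipped. "[812]:" is not taken for a jail because it ends in ":".
ban_counts() {
  awk '
    {
      for (i = 1; i < NF; i++) {
        is_jail = (substr($i, 1, 1) == "[" && substr($i, length($i), 1) == "]")
        if (is_jail && $(i + 1) == "Ban" && i + 2 <= NF) {
          jail = substr($i, 2, length($i) - 2)
          n[jail " " $(i + 2)]++
          break
        }
      }
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2 -k3,3
}

# unique_banned_ips: one line per distinct banned address, ready to pipe on.
unique_banned_ips() {
  ban_counts | awk '{ print $3 }' | sort -u
}

sample_log | ban_counts
```

On a real host, feed the log in on stdin: `ban_counts < /var/log/fail2ban.log` for the per-jail counts, or `unique_banned_ips < /var/log/fail2ban.log | ipinfo bulk -c > data.csv` to enrich each address only once.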