scriptzteam · October 13, 2016 20:56 · Jan 6, 2016 · Sep 11, 2014 · Sep 11, 2014 · Sep 11, 2014
diff --git a/fail2ban_ctry_stats.sh b/fail2ban_ctry_stats.sh
@@ -6,4 +6,4 @@ for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort |
 do 
  echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ; 
 done
-cat fail2ban_ctry.log fail2bancry2.log | sed 's/country:  //g' |sort | uniq -c | sort -nr
+cat fail2ban_ctry.log | sed 's/country:  //g' |sort | uniq -c | sort -nr
diff --git a/fail2ban_ctry_stats → fail2ban_ctry_stats.sh b/fail2ban_ctry_stats → fail2ban_ctry_stats.sh
diff --git a/fail2ban_ctry_stats b/fail2ban_ctry_stats
@@ -6,4 +6,4 @@ for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort |
 do 
  echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ; 
 done
-cat fail2ban_ctry.log fail2bancry2.log | sed 's/country:  //g' |sort | uniq -c
+cat fail2ban_ctry.log fail2bancry2.log | sed 's/country:  //g' |sort | uniq -c | sort -nr
diff --git a/fail2ban_ctry_stats b/fail2ban_ctry_stats
@@ -0,0 +1,9 @@
+#!/bin/bash
+# get a country statistic for Fail2Ban blocks:
+# this just accounts for IPs once. Multiple failed attempts by one IP just show up once for a country.
+
+for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."`; 
+do 
+ echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ; 
+done
+cat fail2ban_ctry.log fail2bancry2.log | sed 's/country:  //g' |sort | uniq -c
No results found