- 1 Plugins
- 1.1 Input
- 1.2 Plugin chain
- 1.3 Output
Currently, some nice new features such as removing the date before matching, multi-line matching, "log decompression", new tags in failregex, etc., would be rather difficult to add. A plugin-based chain would probably be a good solution for these new features. It would be easier for people to hack on fail2ban too.
As of version 0.8.1, filter.py contains most of the matching code (read a line, find the timestamp, try to match the failregex, etc.). Filter is a kind of "abstract" class (sorry, I'm a Java developer). There are currently two "concrete" classes, FilterPoll and FilterGamin. Thus, those classes could be the start of the chain, reading lines from log files and feeding the plugin chain.
There are two kinds of plugins: system plugins and user plugins. System plugins are hard-wired in the chain and cannot be disabled or moved. User plugins can be configured, enabled or disabled by the user.
This plugin parses the date in the log line using the existing DateDetector. It removes the date from the log line too.
This plugin removes syslog daemon specific information (process identifier and name). A PrefixDetector will probably be needed.
This plugin runs the failregex on the log line.
This plugin selects the regex group that has to be taken as the primary key.
This plugin stores information about a break-in attempt.
Ban ticket generator
This plugin generates a ban ticket when needed.
The last plugin in the chain is "Ban ticket generator" which will generate a ban request as needed. It should be possible to use the existing Action and Actions classes.
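The chain described above, sketched as an added example (this is not fail2ban code). The plugin function names, the context dictionary, the regexes, the thresholds and the log lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
# Hypothetical sketch: every name and value below is an assumption, not a fail2ban API.
DATE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
PREFIX_RE = re.compile(r"^\S+ [\w./-]+(?:\[\d+\])?: ")   # "host proc[pid]: "
FAILREGEX = re.compile(r"^Failed password for .* from (?P<host>[\d.]+) port \d+ ssh2$")
MAXRETRY, FINDTIME, YEAR = 2, timedelta(minutes=10), 2007  # syslog dates carry no year

def parse_date(ctx):       # system plugin: parse the date, then remove it from the line
    m = DATE_RE.match(ctx["line"])
    if m is None:
        return None        # no timestamp, nothing to pass down the chain
    ctx["time"] = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    ctx["line"] = ctx["line"][m.end():]
    return ctx
def strip_prefix(ctx):     # remove the syslog host, process name and pid
    ctx["line"] = PREFIX_RE.sub("", ctx["line"], count=1)
    return ctx
def match_failregex(ctx):  # a line that does not match ends the chain
    ctx["match"] = FAILREGEX.match(ctx["line"])
    return ctx if ctx["match"] else None
def select_key(ctx):       # regex group taken as the primary key
    ctx["key"] = ctx["match"].group("host")
    return ctx
def store_attempt(ctx):    # keep only attempts inside the FINDTIME window
    seen = ctx["state"].setdefault(ctx["key"], [])
    seen[:] = [t for t in seen if ctx["time"] - t <= FINDTIME] + [ctx["time"]]
    return ctx
def ban_ticket(ctx):       # last plugin: emit a ticket once MAXRETRY is reached
    if len(ctx["state"][ctx["key"]]) >= MAXRETRY:
        ctx["ticket"] = (ctx["key"], ctx["time"])
        ctx["state"][ctx["key"]].clear()
    return ctx

CHAIN = [parse_date, strip_prefix, match_failregex, select_key, store_attempt, ban_ticket]
def run_chain(lines, chain=CHAIN):
    state, tickets = {}, []
    for line in lines:
        ctx = {"line": line, "state": state}
        for plugin in chain:
            ctx = ctx and plugin(ctx)   # None short-circuits the remaining plugins
        if ctx and "ticket" in ctx:
            tickets.append(ctx["ticket"])
    return tickets

SAMPLE = [  # constructed log lines, documentation-range addresses
    "Jan  5 10:00:01 srv sshd[411]: Failed password for root from 192.0.2.7 port 4022 ssh2",
    "Jan  5 10:00:04 srv sshd[412]: Accepted password for alice from 198.51.100.9 port 5000 ssh2",
    "Jan  5 10:00:09 srv sshd[411]: Failed password for invalid user bob from 192.0.2.7 port 4024 ssh2"]
```

Because each plugin either returns the context or `None`, a user plugin can be inserted into or removed from `CHAIN` without touching the others.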