I want to use a command like this:
log print where time > [ 1 hour ago ]
Thanks.
log print where time > [ 1 hour ago ]
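# Temporary ban for addresses that repeatedly fail to log in to the router.
# The script reads recent "login failure" log entries, counts them per source
# address in the login_failure address list (the counter lives in the entry's
# comment) and moves an address to the ban list once the counter exceeds
# maxtried. A single input-chain drop rule acts on the ban list.

# Number of failed logins from one address tolerated before a ban is added.
# Kept as a number so the comparison against the counter below is numeric.
:local maxtried 10
# How long a ban lasts (1d: one day, 30m: 30 minutes).
:local bantime "15m"
# Address that is never banned. Set this to the address you manage the router
# from, so the script cannot lock you out.
:local excludeip "1.2.3.4"

# Create the drop rule once; it is recognised by its comment on later runs.
# NOTE(review): "add" without a position puts the rule at the end of the
# chain - confirm it sits above any rule that accepts the management services,
# otherwise the ban list has no effect.
:if ([:len [/ip firewall filter find comment=fail2ban]] = 0) do={
    /ip firewall filter add chain=input src-address-list=ban action=drop comment=fail2ban
}

# Only entries newer than one minute are considered.
# NOTE(review): this assumes the script is scheduled about once a minute; a
# shorter interval would count the same log lines again - confirm the schedule.
# NOTE(review): in the first minute after midnight the subtraction goes below
# 00:00:00, and entries from before midnight fail the length test below, so
# failures around midnight are presumably missed - verify if that matters.
:local timenow [/system clock get time]
:local timeoffset ($timenow - 1m)

/log
:foreach i in=[find message~"login failure"] do={
    :local msgtime [get $i time]
    # A time of exactly 8 characters (hh:mm:ss) carries no date part; entries
    # whose time field is longer are skipped.
    :if (([:len $msgtime] = 8) && ($msgtime > $timeoffset)) do={
        :local msg [get $i message]
        # Text between the first "from " and the first " via" in the message.
        :local theip [:pick $msg ([:find $msg "from "] + 5) [:find $msg " via"]]
        # The message also contains the user name sent by the remote client, so
        # the extracted text is untrusted: accept it only when it is a literal
        # IPv4 address. Anything else (including IPv6 sources) is skipped
        # instead of being handed to the address list.
        # NOTE(review): this check cannot prove the address is the real peer of
        # the connection; keep every trusted management address excluded.
        :if (([:typeof [:toip $theip]] = "ip") && ($theip != $excludeip)) do={
            :local timesban [:len [/ip firewall address-list find list=ban address=$theip]]
            # Addresses that are already banned need no further counting.
            :if ($timesban = 0) do={
                :local times [:len [/ip firewall address-list find list=login_failure address=$theip]]
                :if ($times = 0) do={
                    # First failure seen: start a short-lived counter at 1.
                    /ip firewall address-list add list=login_failure address=$theip timeout=30s comment=1
                } else={
                    :local prev [/ip firewall address-list get [find list=login_failure address=$theip] comment]
                    :local thecm ([:tonum $prev] + 1)
                    :if ($thecm > $maxtried) do={
                        /ip firewall address-list add list=ban timeout=$bantime address=$theip
                    } else={
                        /ip firewall address-list set [find list=login_failure address=$theip] comment=$thecm
                    }
                }
            }
        }
    }
}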