Watched Mandy (2018) from letterboxd.com
The Shadow Mountains, 1983. Red and Mandy lead a loving and peaceful existence; but when their pine-scented haven is savagely destroyed, Red is catapulted into a phantasmagoric journey filled with bloody vengeance and laced with fire.

It was cheaper for me to buy this movie than it was to rent it, so I now own it. Fortunately, I really loved it. It is a masterclass in creating insanity on screen:

  1. Explain nothing
  2. Don’t set yourself any rules
  3. Hire Nic Cage

Explain nothing – this film raises so many more questions than it answers. Just so, so many. It doesn’t even bother trying to answer them. They are not there to be answered. And you quickly understand that, in this world, the inexplicable happens and you don’t need to understand the why or how.

Don’t set yourself any rules – basically, dialogue, motivations and context are your enemy. The more information you give, about ANYTHING, the higher the likelihood you’ll have to roll back on that later. So, don’t bother. Is Red a recovering addict? Probably. Does it matter? No. Do we need to be told? No.

Hire Nic Cage – in all honesty, we do flirt with self-parody here. I mean, at this point, it is somewhat inevitable. But this is perfect Cage doing Cage. It’s like the cinematic opposite of Orlando Bloom’s casting in Kingdom of Heaven.

This part contains spoilers.

Here is just one of the things I really loved about this.

In most revenge movies, the anti-hero (revenge is never heroic, right?) has a real attritional battle. This tends to escalate as he (almost always a he) works his way up the “food chain”. This often reaches peak with the “number 2”, the lead henchman, usually the inflicter of motivation, the one with actual blood on his hands. After this confrontation, the anti-hero will reach “the boss” half-dead but usually the boss is a bit of pen-pusher so it doesn’t take much to see him off.

This is nothing like that. He simply starts where he can and despite a few mishaps and some fairly serious injury, he goes through ALL of them “like a fat kid through cake”. And, honestly, not even with a great deal of style. Just a relentless, brutal efficiency.

Bravo 👏

Watched Love and Monsters (2020) from letterboxd.com
Seven years after the Monsterpocalypse, Joel Dawson, along with the rest of humanity, has been living underground ever since giant creatures took control of the land. After reconnecting over radio with his high school girlfriend Aimee, who is now 80 miles away at a coastal colony, Joel begins to fall for her again. As Joel realizes that there’s nothing left for him underground, he decides against all logic to venture out to Aimee, despite all the dangerous monsters that stand in his way.

For me, this is one of those movies that turns “ratings” on it’s head.

I have to give this four stars on the basis that it, in my eyes, it does everything just right. It does exactly what it sets out to do, it’s tight (in terms of economy and timing), it looks good, the dialogue is good. It also sticks steadfastly to it’s own “rules”.

People will draw comparisons with Zombieland but that’s pretty lazy in my opinion. The lead characters are polar opposites in two main ways: aptitude and likeability. I think a lot of people will also see Michael Rooker’s character as some sort of budget Tallahassee and that, also, would be an incredibly superficial comparison. And, this is not a comedy being played for laughs.

This is, comparatively, a solid three star movie. It doesn’t have the budget (for effects and cast) to elevate it above that. It doesn’t have a “worthy” cause or lesson that it wants to bring to your attention. In fact it is pretty devoid of gravitas. It’s not going to enlighten you.

But for what it is compared to what it wants to be, I can’t fault it.

Watched Wolfwalkers (2020) from letterboxd.com
In a time of superstition and magic, when wolves are seen as demonic and nature an evil to be tamed, a young apprentice hunter comes to Ireland with her father to wipe out the last pack. But when she saves a wild native girl, their friendship leads her to discover the world of the Wolfwalkers and transform her into the very thing her father is tasked to destroy.

Wonderful.

Well, who knew Cloudwatch would be so much fun to tinker with?! Not me!

I have been slowly refining my Cloudwatch dashboard: adding new alarms, expanding the scope of the log watch, all that good stuff. It is very satisfying. Over the last week or so I have also set-up fail2ban because (according to my audit log via Cloudwatch 😉) sshd was getting hammered. As previously mentioned, this box is not well resourced, so I wanted to nip that in the bud. But does the cost of running fail2ban outweigh the benefits? Hard to say!

Anyway, I am getting quite a lot of email from fail2ban. This is good because I know it is working but I’d rather not have the email and still be able to easily check it was working… so Cloudwatch!

I added the fail2ban log to the config and used the Logs Insights tool to explore. This is typical line:

2021-04-30 17:58:06.631, "2021-04-30 18:58:06,208 fail2ban.filter [100432]: INFO [sshd] Found 205.185.119.236 - 2021-04-30 18:58:05"

We could use the date/time a few more times, right? I decided this was the time to jump into the parse command in the CloudWatch Logs Insights query language (rolls off the tongue that). I knew I was going to need another regex within about 10 seconds. But, damn, if the examples aren’t thin on the ground. I googled and found virtually nothing although this post did help a bit.

So, to regex101.com I went. I exported a few lines from the log to test and I must be getting quite a lot better because I got the basics working pretty quickly:

\[sshd\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)

Then this query in Cloudwatch Logs Insights did the job:

parse @message /\[sshd\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)/

| display @timestamp, action, ip_address

| limit 200

Unfortunately, I find reading timestamp pretty hard so a bit more tinkering:

parse @message /(?<date>\d\d\d\d-\d\d-\d\d)\ (?<time>\d\d:\d\d:\d\d).*\[sshd\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)/

| display date, time, action, ip_address

| limit 200

Excellent! It was running for about 5 minutes and it suddenly produced a blank line. Of course, [sshd] in the log refers to the jail. I have several set up so…

parse @message /(?<date>\d\d\d\d-\d\d-\d\d)\ (?<time>\d\d:\d\d:\d\d).*\[(?<jail>sshd|recidive|mysqld-auth)\]\ (?<action>[a-zA-z]*)\ (?<ip_address>[\d\.]*)/

| display date, time, jail, action, ip_address

| limit 200

And that does the job nicely at the moment. You can find an explanation of the regex on regex101.

Once I am a bit more confident, I’ll start filtering on the action, so I can just see bans and unbans:

| filter action = "Ban" or action ="Unban"