| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 |
- plugin_name: python.d.plugin
- modules:
- - meta:
- plugin_name: python.d.plugin
- module_name: fail2ban
- monitored_instance:
- name: Fail2ban
- link: https://www.fail2ban.org/
- categories:
- - data-collection.authentication-and-authorization
- icon_filename: "fail2ban.png"
- related_resources:
- integrations:
- list: []
- info_provided_to_referring_integrations:
- description: ""
- keywords:
- - fail2ban
- - security
- - authentication
- - authorization
- most_popular: false
- overview:
- data_collection:
- metrics_description: |
- Monitor Fail2ban performance for prime intrusion prevention operations. Monitor ban counts, jail statuses, and failed login attempts to ensure robust network security.
- method_description: |
- It collects metrics through reading the default log and configuration files of fail2ban.
- supported_platforms:
- include: []
- exclude: []
- multi_instance: true
- additional_permissions:
- description: |
- The `fail2ban.log` file must be readable by the user `netdata`.
- - change the file ownership and access permissions.
- - update `/etc/logrotate.d/fail2ban`` to persist the changes after rotating the log file.
-
- To change the file ownership and access permissions, execute the following:
-
- ```shell
- sudo chown root:netdata /var/log/fail2ban.log
- sudo chmod 640 /var/log/fail2ban.log
- ```
-
- To persist the changes after rotating the log file, add `create 640 root netdata` to the `/etc/logrotate.d/fail2ban`:
-
- ```shell
- /var/log/fail2ban.log {
-
- weekly
- rotate 4
- compress
-
- delaycompress
- missingok
- postrotate
- fail2ban-client flushlogs 1>/dev/null
- endscript
-
- # If fail2ban runs as non-root it still needs to have write access
- # to logfiles.
- # create 640 fail2ban adm
- create 640 root netdata
- }
- ```
- default_behavior:
- auto_detection:
- description: |
- By default the collector will attempt to read log file at /var/log/fail2ban.log and conf file at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh.
- limits:
- description: ""
- performance_impact:
- description: ""
- setup:
- prerequisites:
- list: []
- configuration:
- file:
- name: ""
- description: ""
- options:
- description: |
- There are 2 sections:
-
- * Global variables
- * One or more JOBS that can define multiple different instances to monitor.
-
- The following options can be defined globally: priority, penalty, autodetection_retry, update_every, but can also be defined per JOB to override the global values.
-
- Additionally, the following collapsed table contains all the options that can be configured inside a JOB definition.
-
- Every configuration JOB starts with a `job_name` value which will appear in the dashboard, unless a `name` parameter is specified.
- folding:
- title: Config options
- enabled: true
- list:
- - name: log_path
- description: path to fail2ban.log.
- default_value: /var/log/fail2ban.log
- required: false
- - name: conf_path
- description: path to jail.local/jail.conf.
- default_value: /etc/fail2ban/jail.local
- required: false
- - name: conf_dir
- description: path to jail.d/.
- default_value: /etc/fail2ban/jail.d/
- required: false
- - name: exclude
- description: jails you want to exclude from autodetection.
- default_value: ""
- required: false
- - name: update_every
- description: Sets the default data collection frequency.
- default_value: 1
- required: false
- - name: priority
- description: Controls the order of charts at the netdata dashboard.
- default_value: 60000
- required: false
- - name: autodetection_retry
- description: Sets the job re-check interval in seconds.
- default_value: 0
- required: false
- - name: penalty
- description: Indicates whether to apply penalty to update_every in case of failures.
- default_value: yes
- required: false
- - name: name
- description: Job name. This value will overwrite the `job_name` value. JOBS with the same name are mutually exclusive. Only one of them will be allowed running at any time. This allows autodetection to try several alternatives and pick the one that works.
- default_value: ""
- required: false
- examples:
- folding:
- enabled: true
- title: Config
- list:
- - name: Basic
- folding:
- enabled: false
- description: A basic example configuration.
- config: |
- local:
- log_path: '/var/log/fail2ban.log'
- conf_path: '/etc/fail2ban/jail.local'
- troubleshooting:
- problems:
- list: []
- alerts: []
- metrics:
- folding:
- title: Metrics
- enabled: false
- description: ""
- availability: []
- scopes:
- - name: global
- description: |
- These metrics refer to the entire monitored application.
- labels: []
- metrics:
- - name: fail2ban.failed_attempts
- description: Failed attempts
- unit: "attempts/s"
- chart_type: line
- dimensions:
- - name: a dimension per jail
- - name: fail2ban.bans
- description: Bans
- unit: "bans/s"
- chart_type: line
- dimensions:
- - name: a dimension per jail
- - name: fail2ban.banned_ips
- description: Banned IP addresses (since the last restart of netdata)
- unit: "ips"
- chart_type: line
- dimensions:
- - name: a dimension per jail
|
