README.md 2.0 KB
Fail2ban monitoring with Netdata
Monitors the fail2ban log file to show all bans for all active jails.
Requirements
The fail2ban.log file must be readable by the user netdata:
- change the file ownership and access permissions.
- update
/etc/logrotate.d/fail2banto persists the changes after rotating the log file.
Click to expand the instruction.
To change the file ownership and access permissions, execute the following: ```shell sudo chown root:netdata /var/log/fail2ban.log sudo chmod 640 /var/log/fail2ban.log ``` To persist the changes after rotating the log file, add `create 640 root netdata` to the `/etc/logrotate.d/fail2ban`: ```shell /var/log/fail2ban.log { weekly rotate 4 compress delaycompress missingok postrotate fail2ban-client flushlogs 1>/dev/null endscript # If fail2ban runs as non-root it still needs to have write access # to logfiles. # create 640 fail2ban adm create 640 root netdata } ```Charts
- Failed attempts in attempts/s
- Bans in bans/s
- Banned IP addresses (since the last restart of netdata) in ips
Configuration
Edit the python.d/fail2ban.conf configuration file using edit-config from the
Netdata config directory, which is typically at /etc/netdata.
cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config python.d/fail2ban.conf
Sample:
local:
log_path: '/var/log/fail2ban.log'
conf_path: '/etc/fail2ban/jail.local'
exclude: 'dropbear apache'
If no configuration is given, module will attempt to read log file at /var/log/fail2ban.log and conf file
at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh.