2.1 KiB
2.1 KiB
Fail2ban monitoring with Netdata
Monitors the fail2ban log file to show all bans for all active jails.
Requirements
The fail2ban.log file must be readable by the user netdata:
- change the file ownership and access permissions.
- update
/etc/logrotate.d/fail2banto persists the changes after rotating the log file.
Click to expand the instruction.
To change the file ownership and access permissions, execute the following:
sudo chown root:netdata /var/log/fail2ban.log
sudo chmod 640 /var/log/fail2ban.log
To persist the changes after rotating the log file, add create 640 root netdata to the /etc/logrotate.d/fail2ban:
/var/log/fail2ban.log {
weekly
rotate 4
compress
delaycompress
missingok
postrotate
fail2ban-client flushlogs 1>/dev/null
endscript
# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 640 root netdata
}
Charts
- Failed attempts in attempts/s
- Bans in bans/s
- Banned IP addresses (since the last restart of netdata) in ips
Configuration
Edit the python.d/fail2ban.conf configuration file using edit-config from the
Netdata config directory, which is typically at /etc/netdata.
cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config python.d/fail2ban.conf
Sample:
local:
log_path: '/var/log/fail2ban.log'
conf_path: '/etc/fail2ban/jail.local'
exclude: 'dropbear apache'
If no configuration is given, module will attempt to read log file at /var/log/fail2ban.log and conf file
at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh.