blob: 549f779d1aa132ba5a7ab845c4ad0755fd6c31f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
# yamllint disable rule:line-length
---
meta:
plugin_name: python.d.plugin
module_name: fail2ban
monitored_instance:
name: Fail2ban
link: https://www.fail2ban.org/
categories:
- data-collection.authentication-and-authorization
icon_filename: "fail2ban.png"
related_resources:
integrations:
list: []
info_provided_to_referring_integrations:
description: ""
keywords:
- fail2ban
- security
- authentication
- authorization
most_popular: false
overview:
data_collection:
metrics_description: |
Monitor Fail2ban performance for prime intrusion prevention operations. Monitor ban counts, jail statuses, and failed login attempts to ensure robust network security.
method_description: |
It collects metrics through reading the default log and configuration files of fail2ban.
supported_platforms:
include: []
exclude: []
multi_instance: true
additional_permissions:
description: |
The `fail2ban.log` file must be readable by the user `netdata`.
- change the file ownership and access permissions.
- update `/etc/logrotate.d/fail2ban`` to persist the changes after rotating the log file.
To change the file ownership and access permissions, execute the following:
```shell
sudo chown root:netdata /var/log/fail2ban.log
sudo chmod 640 /var/log/fail2ban.log
```
To persist the changes after rotating the log file, add `create 640 root netdata` to the `/etc/logrotate.d/fail2ban`:
```shell
/var/log/fail2ban.log {
weekly
rotate 4
compress
delaycompress
missingok
postrotate
fail2ban-client flushlogs 1>/dev/null
endscript
# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 640 root netdata
}
```
default_behavior:
auto_detection:
description: |
By default the collector will attempt to read log file at /var/log/fail2ban.log and conf file at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh.
limits:
description: ""
performance_impact:
description: ""
setup:
prerequisites:
list: []
configuration:
file:
name: ""
description: ""
options:
description: |
There are 2 sections:
* Global variables
* One or more JOBS that can define multiple different instances to monitor.
The following options can be defined globally: priority, penalty, autodetection_retry, update_every, but can also be defined per JOB to override the global values.
Additionally, the following collapsed table contains all the options that can be configured inside a JOB definition.
Every configuration JOB starts with a `job_name` value which will appear in the dashboard, unless a `name` parameter is specified.
folding:
title: Config options
enabled: true
list:
- name: log_path
description: path to fail2ban.log.
default_value: /var/log/fail2ban.log
required: false
- name: conf_path
description: path to jail.local/jail.conf.
default_value: /etc/fail2ban/jail.local
required: false
- name: conf_dir
description: path to jail.d/.
default_value: /etc/fail2ban/jail.d/
required: false
- name: exclude
description: jails you want to exclude from autodetection.
default_value: ""
required: false
- name: update_every
description: Sets the default data collection frequency.
default_value: 1
required: false
- name: priority
description: Controls the order of charts at the netdata dashboard.
default_value: 60000
required: false
- name: autodetection_retry
description: Sets the job re-check interval in seconds.
default_value: 0
required: false
- name: penalty
description: Indicates whether to apply penalty to update_every in case of failures.
default_value: yes
required: false
- name: name
description: Job name. This value will overwrite the `job_name` value. JOBS with the same name are mutually exclusive. Only one of them will be allowed running at any time. This allows autodetection to try several alternatives and pick the one that works.
default_value: ""
required: false
examples:
folding:
enabled: true
title: Config
list:
- name: Basic
folding:
enabled: false
description: A basic example configuration.
config: |
local:
log_path: '/var/log/fail2ban.log'
conf_path: '/etc/fail2ban/jail.local'
troubleshooting:
problems:
list: []
alerts: []
metrics:
folding:
title: Metrics
enabled: false
description: ""
availability: []
scopes:
- name: global
description: |
These metrics refer to the entire monitored application.
labels: []
metrics:
- name: fail2ban.failed_attempts
description: Failed attempts
unit: "attempts/s"
chart_type: line
dimensions:
- name: a dimension per jail
- name: fail2ban.bans
description: Bans
unit: "bans/s"
chart_type: line
dimensions:
- name: a dimension per jail
- name: fail2ban.banned_ips
description: Banned IP addresses (since the last restart of netdata)
unit: "ips"
chart_type: line
dimensions:
- name: a dimension per jail
|
