Monitors the fail2ban log file to show all bans for all active jails.
The fail2ban.log
file must be readable by the user netdata
:
- change the file ownership and access permissions.
- update
/etc/logrotate.d/fail2ban
to persists the changes after rotating the log file.
Click to expand the instruction.
To change the file ownership and access permissions, execute the following:
sudo chown root:netdata /var/log/fail2ban.log
sudo chmod 640 /var/log/fail2ban.log
To persist the changes after rotating the log file, add create 640 root netdata
to the /etc/logrotate.d/fail2ban
:
/var/log/fail2ban.log {
weekly
rotate 4
compress
delaycompress
missingok
postrotate
fail2ban-client flushlogs 1>/dev/null
endscript
# If fail2ban runs as non-root it still needs to have write access
# to logfiles.
# create 640 fail2ban adm
create 640 root netdata
}
- Failed attempts in attempts/s
- Bans in bans/s
- Banned IP addresses (since the last restart of netdata) in ips
Edit the python.d/fail2ban.conf
configuration file using edit-config
from the
Netdata config directory, which is typically at /etc/netdata
.
cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config python.d/fail2ban.conf
Sample:
local:
log_path: '/var/log/fail2ban.log'
conf_path: '/etc/fail2ban/jail.local'
exclude: 'dropbear apache'
If no configuration is given, module will attempt to read log file at /var/log/fail2ban.log
and conf file
at /etc/fail2ban/jail.local
. If conf file is not found default jail is ssh
.