Skip to content

Latest commit

 

History

History
 
 

fail2ban

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Fail2ban Input Plugin

The fail2ban plugin gathers the count of failed and banned ip addresses using fail2ban.

This plugin runs the fail2ban-client command which generally requires root access. Acquiring the required permissions can be done using several methods:

  • Use sudo run fail2ban-client.
  • Run telegraf as root. (not recommended)

Using sudo

You will need the following in your telegraf config:

[[inputs.fail2ban]]
  use_sudo = true

You will also need to update your sudoers file:

$ visudo
# Add the following line:
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session

Configuration:

# Read metrics from fail2ban.
[[inputs.fail2ban]]
  ## Use sudo to run fail2ban-client
  use_sudo = false

Measurements & Fields:

  • fail2ban
    • failed (integer, count)
    • banned (integer, count)

Tags:

  • All measurements have the following tags:
    • jail

Example Output:

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 5
|  |- Total failed:     20
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     10
   `- Banned IP list:   192.168.0.1 192.168.0.2
fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000