Skip to main content

Fail2ban monitoring with Netdata

Monitors the fail2ban log file to show all bans for all active jails.

Requirements#

  • fail2ban.log file MUST BE readable by Netdata (A good idea is to add create 0640 root netdata to fail2ban conf at logrotate.d)

It produces one chart with multiple lines (one line per jail)

Configuration#

Edit the python.d/fail2ban.conf configuration file using edit-config from the Netdata config directory, which is typically at /etc/netdata.

cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config python.d/fail2ban.conf

Sample:

local:
log_path: '/var/log/fail2ban.log'
conf_path: '/etc/fail2ban/jail.local'
exclude: 'dropbear apache'

If no configuration is given, module will attempt to read log file at /var/log/fail2ban.log and conf file at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh.


Reach out

If you need help after reading this doc, search our community forum for an answer. There's a good chance someone else has already found a solution to the same issue.

Documentation

Community