diff options
Diffstat (limited to 'src/go/plugin/go.d/modules/fail2ban/metadata.yaml')
| -rw-r--r-- | src/go/plugin/go.d/modules/fail2ban/metadata.yaml | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/src/go/plugin/go.d/modules/fail2ban/metadata.yaml b/src/go/plugin/go.d/modules/fail2ban/metadata.yaml new file mode 100644 index 000000000..922b4e5ad --- /dev/null +++ b/src/go/plugin/go.d/modules/fail2ban/metadata.yaml @@ -0,0 +1,114 @@ +plugin_name: go.d.plugin +modules: + - meta: + id: collector-go.d.plugin-fail2ban + plugin_name: go.d.plugin + module_name: fail2ban + monitored_instance: + name: Fail2ban + link: "https://github.com/fail2ban/fail2ban#readme" + icon_filename: fail2ban.png + categories: + - data-collection.authentication-and-authorization + keywords: + - fail2ban + - security + - authentication + - authorization + related_resources: + integrations: + list: [] + info_provided_to_referring_integrations: + description: "" + most_popular: false + overview: + data_collection: + metrics_description: > + This collector tracks two main metrics for each jail: currently banned IPs and active failure incidents. + It relies on the [`fail2ban-client`](https://linux.die.net/man/1/fail2ban-client) CLI tool but avoids directly executing the binary. + Instead, it utilizes `ndsudo`, a Netdata helper specifically designed to run privileged commands securely within the Netdata environment. + This approach eliminates the need to use `sudo`, improving security and potentially simplifying permission management. + method_description: "" + supported_platforms: + include: [] + exclude: [] + multi_instance: false + additional_permissions: + description: "" + default_behavior: + auto_detection: + description: "" + limits: + description: "" + performance_impact: + description: "" + setup: + prerequisites: + list: + - title: For Netdata running in a Docker container + description: | + 1. **Install Fail2ban client**. + + Ensure `fail2ban-client` is available in the container by setting the environment variable `NETDATA_EXTRA_DEB_PACKAGES=fail2ban` when starting the container. + + 2. **Mount host's `/var/run` directory**. + + Mount the host machine's `/var/run` directory to `/host/var/run` inside your Netdata container. This grants Netdata access to the Fail2ban socket file, typically located at `/var/run/fail2ban/fail2ban.sock`. + configuration: + file: + name: go.d/fail2ban.conf + options: + description: | + The following options can be defined globally: update_every. + folding: + title: Config options + enabled: true + list: + - name: update_every + description: Data collection frequency. + default_value: 10 + required: false + - name: timeout + description: fail2ban-client binary execution timeout. + default_value: 2 + required: false + examples: + folding: + title: Config + enabled: true + list: + - name: Custom update_every + description: Allows you to override the default data collection interval. + config: | + jobs: + - name: fail2ban + update_every: 5 # Collect Fail2Ban jails statistics every 5 seconds + troubleshooting: + problems: + list: [] + alerts: [] + metrics: + folding: + title: Metrics + enabled: false + description: "" + availability: [] + scopes: + - name: jail + description: These metrics refer to the Jail. + labels: + - name: jail + description: Jail's name + metrics: + - name: fail2ban.jail_banned_ips + description: Fail2Ban Jail banned IPs + unit: addresses + chart_type: line + dimensions: + - name: banned + - name: fail2ban.jail_active_failures + description: Fail2Ban Jail active failures + unit: failures + chart_type: line + dimensions: + - name: active_failures |