plugin_name: python.d.plugin
modules:
  - meta:
      plugin_name: python.d.plugin
      module_name: fail2ban
      monitored_instance:
        name: Fail2ban
        link: https://www.fail2ban.org/
        categories:
          - data-collection.authentication-and-authorization
        icon_filename: "fail2ban.png"
      related_resources:
        integrations:
          list: []
      info_provided_to_referring_integrations:
        description: ""
      keywords:
        - fail2ban
        - security
        - authentication
        - authorization
      most_popular: false
    overview:
      data_collection:
        metrics_description: |
          Monitor Fail2ban performance for prime intrusion prevention operations. Monitor ban counts, jail statuses, and failed login attempts to ensure robust network security.
        method_description: |
          It collects metrics through reading the default log and configuration files of fail2ban.
      supported_platforms:
        include: []
        exclude: []
      multi_instance: true
      additional_permissions:
        description: |
          The `fail2ban.log` file must be readable by the user `netdata`.
            - change the file ownership and access permissions.
            - update `/etc/logrotate.d/fail2ban`` to persist the changes after rotating the log file.
          
          To change the file ownership and access permissions, execute the following:
          
          ```shell
          sudo chown root:netdata /var/log/fail2ban.log
          sudo chmod 640 /var/log/fail2ban.log
          ```
          
          To persist the changes after rotating the log file, add `create 640 root netdata` to the `/etc/logrotate.d/fail2ban`:
          
          ```shell
          /var/log/fail2ban.log {
          
              weekly
              rotate 4
              compress
          
              delaycompress
              missingok
              postrotate
                  fail2ban-client flushlogs 1>/dev/null
              endscript
          
              # If fail2ban runs as non-root it still needs to have write access
              # to logfiles.
              # create 640 fail2ban adm
              create 640 root netdata
          }
          ```
      default_behavior:
        auto_detection:
          description: |
            By default the collector will attempt to read log file at /var/log/fail2ban.log and conf file at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh.
        limits:
          description: ""
        performance_impact:
          description: ""
    setup:
      prerequisites:
        list: []
      configuration:
        file:
          name: ""
          description: ""
        options:
          description: |
            There are 2 sections:
            
            * Global variables
            * One or more JOBS that can define multiple different instances to monitor.
            
            The following options can be defined globally: priority, penalty, autodetection_retry, update_every, but can also be defined per JOB to override the global values.
            
            Additionally, the following collapsed table contains all the options that can be configured inside a JOB definition.
            
            Every configuration JOB starts with a `job_name` value which will appear in the dashboard, unless a `name` parameter is specified.
          folding:
            title: Config options
            enabled: true
          list:
            - name: log_path
              description: path to fail2ban.log.
              default_value: /var/log/fail2ban.log
              required: false
            - name: conf_path
              description: path to jail.local/jail.conf.
              default_value: /etc/fail2ban/jail.local
              required: false
            - name: conf_dir
              description: path to jail.d/.
              default_value: /etc/fail2ban/jail.d/
              required: false
            - name: exclude
              description: jails you want to exclude from autodetection.
              default_value: ""
              required: false
            - name: update_every
              description: Sets the default data collection frequency.
              default_value: 1
              required: false
            - name: priority
              description: Controls the order of charts at the netdata dashboard.
              default_value: 60000
              required: false
            - name: autodetection_retry
              description: Sets the job re-check interval in seconds.
              default_value: 0
              required: false
            - name: penalty
              description: Indicates whether to apply penalty to update_every in case of failures.
              default_value: yes
              required: false
            - name: name
              description: Job name. This value will overwrite the `job_name` value. JOBS with the same name are mutually exclusive. Only one of them will be allowed running at any time. This allows autodetection to try several alternatives and pick the one that works.
              default_value: ""
              required: false
        examples:
          folding:
            enabled: true
            title: Config
          list:
            - name: Basic
              folding:
                enabled: false
              description: A basic example configuration.
              config: |
                local:
                  log_path: '/var/log/fail2ban.log'
                  conf_path: '/etc/fail2ban/jail.local'
    troubleshooting:
      problems:
        list: []
    alerts: []
    metrics:
      folding:
        title: Metrics
        enabled: false
      description: ""
      availability: []
      scopes:
        - name: global
          description: |
            These metrics refer to the entire monitored application.
          labels: []
          metrics:
            - name: fail2ban.failed_attempts
              description: Failed attempts
              unit: "attempts/s"
              chart_type: line
              dimensions:
                - name: a dimension per jail
            - name: fail2ban.bans
              description: Bans
              unit: "bans/s"
              chart_type: line
              dimensions:
                - name: a dimension per jail
            - name: fail2ban.banned_ips
              description: Banned IP addresses (since the last restart of netdata)
              unit: "ips"
              chart_type: line
              dimensions:
                - name: a dimension per jail