plugin_name: python.d.plugin modules: - meta: plugin_name: python.d.plugin module_name: fail2ban monitored_instance: name: Fail2ban link: https://www.fail2ban.org/ categories: - data-collection.authentication-and-authorization icon_filename: "fail2ban.png" related_resources: integrations: list: [] info_provided_to_referring_integrations: description: "" keywords: - fail2ban - security - authentication - authorization most_popular: false overview: data_collection: metrics_description: | Monitor Fail2ban performance for prime intrusion prevention operations. Monitor ban counts, jail statuses, and failed login attempts to ensure robust network security. method_description: | It collects metrics through reading the default log and configuration files of fail2ban. supported_platforms: include: [] exclude: [] multi_instance: true additional_permissions: description: | The `fail2ban.log` file must be readable by the user `netdata`. - change the file ownership and access permissions. - update `/etc/logrotate.d/fail2ban`` to persist the changes after rotating the log file. To change the file ownership and access permissions, execute the following: ```shell sudo chown root:netdata /var/log/fail2ban.log sudo chmod 640 /var/log/fail2ban.log ``` To persist the changes after rotating the log file, add `create 640 root netdata` to the `/etc/logrotate.d/fail2ban`: ```shell /var/log/fail2ban.log { weekly rotate 4 compress delaycompress missingok postrotate fail2ban-client flushlogs 1>/dev/null endscript # If fail2ban runs as non-root it still needs to have write access # to logfiles. # create 640 fail2ban adm create 640 root netdata } ``` default_behavior: auto_detection: description: | By default the collector will attempt to read log file at /var/log/fail2ban.log and conf file at /etc/fail2ban/jail.local. If conf file is not found default jail is ssh. limits: description: "" performance_impact: description: "" setup: prerequisites: list: [] configuration: file: name: python.d/fail2ban.conf description: "" options: description: | There are 2 sections: * Global variables * One or more JOBS that can define multiple different instances to monitor. The following options can be defined globally: priority, penalty, autodetection_retry, update_every, but can also be defined per JOB to override the global values. Additionally, the following collapsed table contains all the options that can be configured inside a JOB definition. Every configuration JOB starts with a `job_name` value which will appear in the dashboard, unless a `name` parameter is specified. folding: title: Config options enabled: true list: - name: log_path description: path to fail2ban.log. default_value: /var/log/fail2ban.log required: false - name: conf_path description: path to jail.local/jail.conf. default_value: /etc/fail2ban/jail.local required: false - name: conf_dir description: path to jail.d/. default_value: /etc/fail2ban/jail.d/ required: false - name: exclude description: jails you want to exclude from autodetection. default_value: "" required: false - name: update_every description: Sets the default data collection frequency. default_value: 1 required: false - name: priority description: Controls the order of charts at the netdata dashboard. default_value: 60000 required: false - name: autodetection_retry description: Sets the job re-check interval in seconds. default_value: 0 required: false - name: penalty description: Indicates whether to apply penalty to update_every in case of failures. default_value: yes required: false - name: name description: Job name. This value will overwrite the `job_name` value. JOBS with the same name are mutually exclusive. Only one of them will be allowed running at any time. This allows autodetection to try several alternatives and pick the one that works. default_value: "" required: false examples: folding: enabled: true title: Config list: - name: Basic folding: enabled: false description: A basic example configuration. config: | local: log_path: '/var/log/fail2ban.log' conf_path: '/etc/fail2ban/jail.local' troubleshooting: problems: list: - name: Debug Mode description: | To troubleshoot issues with the `fail2ban` module, run the `python.d.plugin` with the debug option enabled. The output will give you the output of the data collection job or error messages on why the collector isn't working. First, navigate to your plugins directory, usually they are located under `/usr/libexec/netdata/plugins.d/`. If that's not the case on your system, open `netdata.conf` and look for the setting `plugins directory`. Once you're in the plugin's directory, switch to the `netdata` user. ```bash cd /usr/libexec/netdata/plugins.d/ sudo su -s /bin/bash netdata ``` Now you can manually run the `fail2ban` module in debug mode: ```bash ./python.d.plugin fail2ban debug trace ``` alerts: [] metrics: folding: title: Metrics enabled: false description: "" availability: [] scopes: - name: global description: | These metrics refer to the entire monitored application. labels: [] metrics: - name: fail2ban.failed_attempts description: Failed attempts unit: "attempts/s" chart_type: line dimensions: - name: a dimension per jail - name: fail2ban.bans description: Bans unit: "bans/s" chart_type: line dimensions: - name: a dimension per jail - name: fail2ban.banned_ips description: Banned IP addresses (since the last restart of netdata) unit: "ips" chart_type: line dimensions: - name: a dimension per jail